This course builds practical skills in reconnaissance, scanning, exploitation, and reporting techniques used by professional penetration testers. Participants will learn to approach systems with an attacker’s mindset, supported by practical labs and expert-led guidance.
Learning Outcomes:
Apply security testing methodologies and tools to conduct security audits
Analyse security testing results to highlight process gaps and non-compliance
Develop strategies to mitigate security risks
Manage the implementation of security compliance processes
Key Topics:
Core Technical Skills for Penetration Testing Compliance
Background Information Gathering and Open-Source Audit Tools
Web Penetration Testing Methodologies & Compliance
Analysis of Networking Equipment Security Compliance
Root-Cause Analysis for Web Technology Vulnerabilities
Certification preparation for CREST CPSA examination
Exam Details
This course is designed to build participants’ understanding of key concepts and domains covered in the CREST Practitioner Security Analyst (CPSA) certification.
Participants will also build the foundational competencies needed to conduct penetration testing, identify security vulnerabilities, document findings, and recommend risk mitigation strategies — all in alignment with the expectations of the CPSA exam.
To maximise success, participants are strongly encouraged to complement the course with additional self-study, revision of course materials, and dedicated practice before attempting the exam.
FUNDING INFORMATION
SkillsFuture Singapore (SSG)
Funding is available on Course Fee. Please see below for the eligibility categories available.
| Self-sponsored | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding | |
| Company Sponsored (Non-SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 50% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding | |
| Company Sponsored (SME) | Singapore Citizen & PR aged ≥ 21 years | Up to 70% funding |
| Singapore Citizen aged ≥ 40 years | Up to 70% funding |
SSG Funding Requirements
- Trainees must scan their attendance twice daily using the SingPass application.
- Trainees must attain at least 75% attendance.
- Trainees must pass the in-house assessment to be eligible for funding.
- Trainee and/or sponsoring company is/are required to meet all SSG-mandated eligibility criteria and requirements for funding. For more information, please refer to SkillsFuture homepage.
Appeal Policy and Procedure
- As a candidate in this course assessment, you may appeal your results if you disagree with them.
- To do so, submit your written appeal request via email to esv_comat_cse@stengg.com within 3 working days from date of assessment.
Cancellation, Postponement and Refund Policy
- Request for cancellation or postponement must be submitted in writing more than 4 weeks before the class start date to avoid any charges.
- Written notice for cancellation or postponement received 2 to 4 weeks before class start date will incur Late Cancellation Charge - 50% of course fee.
- Written notice for cancellation or postponement received less than 2 weeks before class start date will incur Late Cancellation Charge - 100% of course fee.
- If payment has been made and ST Engineering e-Services Pte Ltd accepts the trainee's written notification to cancel or withdraw from the course, ST Engineering e-Services Pte Ltd will issue a refund, less any applicable Late Cancellation Charges.
Feedback Policy and Procedure
- You may submit feedback via email to esv_comat_cse@stengg.com or your servicing Account Manager.
- Any formal feedback will be handled within 10 working days from receipt with a written reply given. An interim reply will be provided should more time be required.
Course Topics
- Core Technical Skills for Penetration Testing Compliance
- Background Information Gathering and Open-Source Audit Tools
- Web Penetration Testing Methodologies & Compliance
- Soft Skills for Communicating Pen Testing Findings
- Analysis of Networking Equipment Security Compliance
- Web Pen Testing Techniques for Identifying Non-Compliance
- Database Security Auditing and Gap Analysis
- Root-Cause Analysis for Web Technology Vulnerabilities
- Improving Compliance in Microsoft Windows Security
- Unix Security Enhancement Strategies
- Database Security Compliance Process
- Adapting Microsoft Windows Security Assessments to Regulatory Updates
- Aligning Unix Security Assessments with Revised Standards
- Web Technologies Compliance Updates and Change Management
.png?width=50&name=Artificial%20Intelligence%20(AI).png)
-1.png?width=360&name=Server%20(4)-1.png)
/AI%20(6)-1-1.png?width=360&name=AI%20(6)-1-1.png)
/AI%20(8)-1.png?width=360&name=AI%20(8)-1.png)
-1.png?width=360&name=Automation%20RPA%20(2)-1.png)
/AI%20(5)-1.png?width=360&name=AI%20(5)-1.png)
