CREST Practitioner Security Analyst (CPSA)


CREST Practitioner Security Analyst is a multiple-choice examination in which the candidate is expected to answer questions about vulnerabilities in networks, applications, databases and the latest technologies.

Our course is closely aligned to the syllabus defined by CREST for the CREST Practitioner Security Analyst. The CREST CPSA training is the required baseline qualification for a career in Penetration Testing and must be obtained before the CRT examination.

  • In this course the student will learn to develop their capabilities as a professional pentester to the maximum
  • The course provides a deep analysis of the phases, methodology and techniques
  • The course is 100% oriented towards learning the theoretical content of the CREST certifications
  • The course material includes access to the academy, support material, exercises, videos and access to laboratories
  • On-line instructors to answer questions and follow-up
  • Unlimited access to the academy and its content
  • Periodic updates



  • Basic understanding of networking: TCP/IP, Routing, Forwarding, OSI model
  • The ability to read and understand C, Python, Java and PHP code will help, although it is not mandatory.
  • Basic understanding of HTTP protocol, Cookies, Sessions
  • Understanding of IT Security matters and basics of Penetration Testing
  • No development skills required.


CREST Practitioner Security Analyst (CPSA)

The CREST CPSA module will prepare the candidate to pass the CREST Practitioner Security Analyst (CPSA) examination. The candidate must demonstrate that they can perform web infrastructure and basic application tests and interpret the results to locate vulnerabilities.



  • 50+ pentest videos on infrastructure and 35+ pentest videos on web applications
  • Online teachers to answer questions and follow-up
  • Multiplatform access to the academy
  • Multiple-choice exam questions
  • Practical exercises and proofs of concept
  • Private access by VPN 24×7 to all laboratories
This training course is for


  • Pentesters
  • IT Professionals
  • Managers
  • Developers
  • System Administrators
  • Security enthusiasts who want to expand knowledge
You will be able to

Upon completion of this course:

  • You will have the necessary knowledge to take the CPSA exam
  • Develop a personalised scope and implement rules of engagement for penetration testing projects to ensure that work is focused, well defined and performed safely
  • Learn how to carry out detailed reconnaissance using document metadata, search engines and other publicly available information sources to develop a technical and organizational understanding of the target environment
  • Gain a deep knowledge of the enumeration and exploitation of Windows and Unix systems
  • Learn methodologies and how to write high-level executive and technical reports
  • Use Nmap to perform full network scans, port scanning and operating system fingerprinting
  • Learn how to correctly execute the Nmap Scripting Engine scripts to extract detailed information from the target systems
  • Configure and deploy Nessus to discover vulnerabilities through authenticated and unauthenticated scans safely
  • Analyze the output of the scanning tools to manually verify the findings and perform a false positive reduction
  • Use the Windows and Linux command lines to loot target systems to obtain vital information that can further improve the progress of penetration tests
  • Set up the Metasploit exploit tool to scan, exploit and then pivot through a deep target environment
  • Apply a detailed methodology in your web application penetration tests: reconnaissance, application mapping, discovery and exploitation
  • Successfully analyze the results of the tools
  • Validate the findings, determine their impact on the business and eliminate false positives
  • Discover and exploit web vulnerabilities manually
  • Discover and exploit the OWASP Top 10 2017 flaws and determine the true risk to the organization
  • Create configurations and use tools to streamline the process
  • Explain the impact on the organization when exploitation is successful
  • Analyze the traffic between the client and the server application
Hands-on Training

Real Environment

  • Enumerate Services
  • Gathering
  • Pivoting
  • Windows Enumeration and Discovery
  • Web application assessment
  • Find Vulnerable Services
  • Databases Assessment
  • Unix Assessment
  • Common passwords
  • Weak passwords
  • Missing patches
  • Methodologies

Corporate & Groups

An annual or personal license to build continuous learning at iHackLabs, with a Supervisor Dashboard for monitoring learners' progress and a discount for volume purchases.

Online Option
£1800 Ex VAT
  • ONE PACK - CPSA + CRT Training


How much do the courses cost?

There is only one course that will prepare the student for both CPSA and CRT certifications.

Online training is £1800+VAT

Onsite training calendar and prices will be announced soon.

Can I take the courses separately?

iHackLabs has experience teaching cybersecurity professionals and has created one course which will prepare the student for both CPSA and CRT certifications.

We all know that putting the lessons learned into practice helps us to gain a deeper understanding of the subjects; that’s why we have created an overall course that will prepare the student to pass both certifications.

What does the training include?

Unlimited access to our virtual academy for the theoretical content.

90 days of access to our virtual labs.

What do I need to connect to the laboratories?

VPN software
Your favourite pentesting tools (Kali Linux recommended)
Internet connection

It’s important to know that the laboratory time cannot be paused. Once the payment has been made, the student has 90 days of access to the virtual labs.

Are there any trainers to ask for help if I get stuck?

iHackLabs trainers hold the best certifications in the industry, including CREST certifications.

They love to teach, and they will be available to clarify all the student’s doubts.

I need more information

Please contact us at [email protected]

CREST Practitioner Security Analyst (CPSA) - Multiple-Choice Exam

Appendix A: Soft Skills and Assessment Management
  • A1 Engagement Lifecycle
  • A2 Law & Compliance
  • A3 Scoping
  • A4 Understanding, Explaining and Managing Risk
  • A5 Record Keeping, Interim Reporting & Final Results
Appendix B: Core Technical Skills
  • B1 IP Protocols
  • B2 Network Architectures
  • B4 Network Mapping & Target Identification
  • B5 Interpreting Tool Output
  • B6 Filtering Avoidance Techniques
  • B8 OS Fingerprinting
  • B9 Application Fingerprinting and Evaluating Unknown Services
  • B10 Network Access Control Analysis
  • B11 Cryptography
  • B12 Applications of Cryptography
  • B13 File System Permissions
  • B14 Audit Techniques
Appendix C: Background Information Gathering & Open Source
  • C1 Registration Records
  • C2 Domain Name Server (DNS)
  • C3 Customer Web Site Analysis
  • C4 Google Hacking and Web Enumeration
  • C5 NNTP Newsgroups and Mailing Lists
  • C6 Information Leakage from Mail & News Headers
Appendix D: Networking Equipment
  • D1 Management Protocols
  • D2 Network Traffic Analysis
  • D3 Networking Protocols
  • D4 IPSec
  • D5 VoIP
  • D6 Wireless
  • D7 Configuration Analysis
Appendix E: Microsoft Windows Security Assessment
  • E1 Domain Reconnaissance
  • E2 User Enumeration
  • E3 Active Directory
  • E4 Windows Passwords
  • E5 Windows Vulnerabilities
  • E6 Windows Patch Management Strategies
  • E7 Desktop Lockdown
  • E8 Exchange
  • E9 Common Windows Applications
Appendix F: Unix Security Assessment
  • F1 User enumeration
  • F2 Unix vulnerabilities
  • F3 FTP
  • F4 Sendmail / SMTP
  • F5 Network File System (NFS)
  • F6 R* services
  • F7 X11
  • F8 RPC services
  • F9 SSH
Appendix G: Web Technologies
  • G1 Web Server Operation
  • G2 Web Servers & their Flaws
  • G3 Web Enterprise Architectures
  • G4 Web Protocols
  • G5 Web Mark-up Languages
  • G6 Web Programming Languages
  • G7 Web Application Servers
  • G8 Web APIs
  • G9 Web SubComponents
Appendix H: Web Testing Methodologies
  • H1 Web Application Reconnaissance
  • H2 Threat Modelling and Attack Vectors
  • H3 Information Gathering from Web Mark-up
  • H4 Authentication Mechanisms
  • H5 Authorisation Mechanisms
  • H6 Input Validation
  • H8 Information Disclosure in Error Messages
  • H9 Use of Cross Site Scripting Attacks
  • H10 Use of Injection Attacks
  • H11 Session Handling
  • H12 Encryption
  • H13 Source Code Review
Appendix I: Web Testing Techniques
  • I1 Web Site Structure Discovery
  • I2 Cross Site Scripting Attacks
  • I3 SQL Injection
  • I6 Parameter Manipulation
Appendix J: Databases
  • J1 Microsoft SQL Server
  • J2 Oracle RDBMS
  • J3 Web / App / Database Connectivity
Preparation for the CPSA exam

iHackLabs has prepared test simulations based on its academy to improve the probability of passing the practical CPSA exam. This part is mandatory in order to take the CRT exam part.

iHackLabs has used the CREST notes to create a dynamic environment in which to improve speed and methodology and to ensure candidates have all the available knowledge needed to pass this certification.

These examinations are delivered at a Pearson Vue centre of your choice. Please visit and follow the on-screen instructions to schedule your chosen examination

More information about the exams can be found at the following CREST link