EC-Council: Difference between revisions
Undid revision 1035791436 by ArnikaCorp (talk) |
m Typo/quotemark fixes, replaced: where discovered → were discovered, ’s → 's (2) |
||
(48 intermediate revisions by 31 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|American cybersecurity training organization}} |
|||
The '''International Council of Electronic Commerce Consultants''' ('''EC-Council''') is an American organization that offers cybersecurity certification, education, training, and services in various cybersecurity skills. EC-Council is headquartered in [[Albuquerque]], [[New Mexico]], and has certified over 237,000 professionals from 145 countries.<ref>{{cite web|title=About Us|url=https://www.eccouncil.org/about/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
{{Infobox company |
|||
| name = EC-Council |
|||
| logo = Ec_Council_Logo.png |
|||
| alt = <!-- alt text; see [[Official logo of EC-Council]] --> |
|||
| trade_name = EC-Council (2001-present) |
|||
| type = [[Limited liability company]] |
|||
| foundation = {{Start date and years ago|2001}} |
|||
| founder = Jay Bavisi |
|||
| defunct = <!-- date of extinction, optional --> |
|||
| location = 101 Sun Ave NE <br /> [[Albuquerque]] <br /> [[New Mexico]], 87109, [[United States|U.S.]] |
|||
| num_locations = |
|||
| homepage = {{URL|https://eccouncil.org/}} |
|||
}} |
|||
'''EC-Council''' is a [[cybersecurity]] certification, education, training, and services company based in [[Albuquerque]], [[New Mexico]]. |
|||
==History== |
==History== |
||
Jay Bavisi is the Founder of EC-Council Holding Pte Ltd,<ref>{{cite web|title=Jay Bavisi, Founder and CEO of EC-Council|website=[[Business Wire]]|url=https://www.businesswire.com/news/home/20220907005072/en/EC-Council-to-Increase-Development-of-Ethical-Hackers-to-Address-Mounting-Shortage-of-Cybersecurity-Professionals|access-date=7 September 2022}}</ref><ref>{{cite web|title=EC-Council President and CEO Jay Bavisi|website=[[Business Insider]]|url=https://markets.businessinsider.com/news/stocks/ec-council-president-and-ceo-jay-bavisi-to-announce-the-next-big-thing-in-cybersecurity-in-a-live-webinar-on-september-16-1029547141|access-date=31 August 2020}}</ref> the parent company of all of EC-Council Group of Companies. The first organization of the group, International Council of Electronic Commerce Consultants (EC-Council) was founded in 2001 in response to the [[September 11 attacks]] to certify professionals who could protect against attacks on [[electronic commerce]]. |
|||
EC-Council was co-founded in 2001 by Haja Mohideen<ref>https://www.ethicalhacker.net/columns/editor-in-chief/interview-ec-council-offers-details-and-insights-on-ceh-v6/</ref> and Jay Bavisi in response to the [[September 11 attacks]] to certify professionals who could protect against attacks on electronic commerce. |
|||
EQT Private Equity invested in EC-Council in September 2021<ref>{{cite web|website=[[Bloomberg L.P.|Bloomberg]]|url=https://www.bloomberg.com/press-releases/2021-09-27/eqt-private-equity-invests-in-ec-council-a-global-leader-in-cybersecurity-training-and-certification| title=EQT Private Equity invests in EC-Council |
|||
|access-date=27 September 2021}}</ref> EC-Council is the creator of popular certification programs such as CEH,<ref>{{Cite web|url=https://www.eccouncil.org/cyber-security-seminar-empowering-students/|title=EC- Council empowers Students through a Seminar on Cyber Security|date=12 September 2013}}</ref><ref>{{cite web|url=https://www.indiainfoline.com/article/news-business/ec-council-organizes-a-seminar-on-cyber-security-113110817403_1.html|title=EC-Council organizes a seminar on cyber security|agency=[[India Infoline]]|date=2 September 2013|access-date=27 July 2021}}</ref> CHFI, ECSA/LPT and the [[Certified Ethical Hacker]] (CEH) program for [[White hat (computer security)|white hat hackers]] in 2003. EC-Council became a certifier of training courses and exams instead of founding entirely new schools, mobilizing entrepreneurs in the [[information security]] training business. CEH courses were offered in more than 60 countries by 2007, and the program expanded rapidly.<ref>{{cite web|last=Slayton|first=Rebecca|date=2017-02-14|title=Limn: The Paradoxical Authority of the Certified Ethical Hacker|url=https://limn.it/articles/the-paradoxical-authority-of-the-certified-ethical-hacker/|access-date=27 July 2021|website=Limn}}</ref> |
|||
As of 2023, the CEH certification is part of the possible certifications to some cyber-security functions within the [[United States Department of Defense]], as part of its [https://www.defense.gov/News/Releases/Release/Article/3299971/dod-cio-issues-dod-manual-8140/ Directive 8140].<ref>{{cite web|title=Persectives on Building a Cyber Force Structure|url=https://ccdcoe.org/uploads/2018/10/Starr-Perspectives-on-Building-a-Cyber-Force-Structure.pdf|access-date=27 July 2021}}</ref><ref>{{Cite web |title=DoD Approved 8570 Baseline Certifications – DoD Cyber Exchange |url=https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/ |access-date=2023-05-18 |website=public.cyber.mil}}</ref> |
|||
In 2010, the EC-Council part of the organisations selected by the [[The Pentagon|Pentagon]] to oversee training of Department of Defense employees who work in computer security-related jobs.<ref>{{cite web|title=Pentagon trains workers to hack Defense computers|website=[[CNN]]|url=http://www.cnn.com/2010/TECH/03/10/pentagon.hacking/index.html|access-date=27 July 2021|agency=[[CNN]]}}</ref> |
|||
CEH v11{{Clarify|date=March 2021}} was released in September 2020.<ref>{{Citation|title=The Next Big Thing In Cybersecurity Skill Development|url=https://www.youtube.com/watch?v=4NtFPcE8bK4|access-date=2021-03-12}}</ref> |
|||
== Controversies, shortcomings and plagiarism == |
|||
⚫ | |||
In May 2006, the website of the EC-Council was [[Website defacement|defaced]],<ref>{{Cite web |title=EC-Council.org Defaced in 2006 |url=http://zone-h.org/mirror/id/4100630?hz=1 |access-date=2023-05-17 |website=zone-h.org}}</ref> and again in 2014, restored, then defaced, again, due to password reuse.<ref>{{Cite web |date=2015-09-24 |title="The Plague" returns to deface EC Council website {{!}} CSO Online |url=http://www.csoonline.com/article/2137027/malware-cybercrime/-the-plague--returns-to-deface-ec-council-website.html |access-date=2023-05-17 |archive-url=https://web.archive.org/web/20150924213420/http://www.csoonline.com/article/2137027/malware-cybercrime/-the-plague--returns-to-deface-ec-council-website.html |archive-date=2015-09-24 }}</ref> The attacker managed to exfiltrate sensitive data like passport pictures from the applicants, including notably [[Edward Snowden]]'s.<ref>{{Cite web |last=McCormick |first=Rich |date=2014-02-24 |title=Ethical hacking organization hacked, website defaced with Edward Snowden's passport |url=https://www.theverge.com/2014/2/24/5441386/ethical-hacking-organization-website-defaced-with-snowden-passport |access-date=2023-05-17 |website=The Verge |language=en-US}}</ref> |
|||
⚫ | EC-Council offers [[Professional certification (computer technology)|professional certifications]] for the [[IT security]] field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI).<ref>{{ |
||
On at least two instances, the EC-Council's website has also been prone to [[Cross-site scripting]] vulnerabilities. In June of 2011, two vulnerabilities were discovered, both on the "portal" subdomain.<ref>{{Cite web |last=Nulled Byte |title=Double nibble URI decoding XSS Vulnerability on EC Council website |url=https://thehackernews.com/2011/06/double-nibble-uri-decoding-xss.html |access-date=2023-05-17 |website=The Hacker News |language=en}}</ref><ref>{{Cite web |title=EC-Council Web Site Vulnerable to Several XSS |url=https://attrition.org/errata/charlatan/ec-council/eccouncil-xss.html |access-date=2023-09-13 |website=attrition.org}}</ref> An additional vulnerability was found in May 2013.<ref>{{Cite web |title=Charlatan: EC-Council Found Vulnerable to 2nd XSS |url=https://attrition.org/errata/charlatan/ec-council/eccouncil-xss-2.html |access-date=2023-05-17 |website=attrition.org}}</ref> |
|||
==IT Security professional certifications==<!-- PLEASE RESPECT ALPHABETICAL ORDER --> |
|||
*Certified Secure Computer User (CSCU)<ref>{{Cite web|title=Certified Secure Computer User (CSCU)|url=https://www.eccouncil.org/programs/certified-secure-computer-user-cscu/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
During 2011, an EC-Council employee has been using [[Spam in blogs|comments spam]] to advertise the [[Certified Ethical Hacker]] certification. This was called a "fictional theory" by Jay Bavisi, President of EC-Council, despite evidences proving otherwise.<ref name=":0">{{Cite web |date=2022-07-19 |title=Who on earth would be trying to promote EC-Council University via comment spam on my website? |url=https://grahamcluley.com/ec-council-university-comment-spam/ |access-date=2023-05-17 |website=Graham Cluley |language=en-GB}}</ref> |
|||
*EC-Council Certified Security Specialist (ECSS)<ref>{{Cite web|title=EC-Council Certified Security Specialist {{!}} ECSS|url=https://www.eccouncil.org/programs/certified-security-specialist-ecss/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
The EC-Council has also been holding sexist discourse on several occasions: |
|||
*Certified Network Defender (CND)<ref>{{Cite web|title=Certified Network Defender {{!}} Network Security Certifications and Training|url=https://www.eccouncil.org/programs/certified-network-security-course/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
*Certified Ethical Hacker (CEH)<ref>{{Cite web|title=Certified Ethical Hacker {{!}} CEH Certification {{!}} CEH v11|url=https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
* In 2015, writing that "women should wear pants suit with heels" to be credible when doing [[Penetration test|pentesting]].<ref name=":1">{{Cite web |last=Dallaway |first=Eleanor |date=2021-04-11 |title=The Story of the EC-Council Gender Survey Scandal: Survey Creator Says "It Was Written by Women so it Can't be Sexist" |url=https://www.infosecurity-magazine.com/blogs/the-story-of-the-eccouncil-gender/ |access-date=2023-05-17 |website=Infosecurity Magazine}}</ref> |
|||
*Certified Ethical Hacker (Master)<ref>{{Cite web|title=Certified Ethical Hacker Master {{!}} CEH Master|url=https://www.eccouncil.org/programs/certified-ethical-hacker-ceh-master/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
* In 2021, publishing a survey about the challenges faced by women in cybersecurity, with "Only men can do this job" and "Women can't handle this job" and "women aren't encouraged enough" as sole possible answers, and explaining that "the post cannot be sexist coming from all women teams".<ref name=":1" /> |
|||
*Certified Penetration Tester (CPENT)<ref>{{Cite web|title=Certified Penetration Testing Professional {{!}} CPENT|url=https://www.eccouncil.org/programs/certified-penetration-testing-professional-cpent/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
*Licensed Penetration Tester (Master)<ref>{{Cite web|title=Licensed Penetration Tester (Master) {{!}} LPT (Master) {{!}} CPENT|url=https://www.eccouncil.org/programs/licensed-penetration-tester-lpt-master/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
In March 2016, the website of the EC-Council was serving the Angler [[exploit kit]]. It took several days for the issue to be resolved.<ref>{{Cite web |date=2016-03-24 |title=Website of security certification provider spreading ransomware |url=https://blog.fox-it.com/2016/03/24/website-of-security-certification-provider-spreading-ransomware/ |access-date=2023-05-17 |website=Fox-IT International blog |language=en-US}}</ref><ref>{{Cite web |last=Goodin |first=Dan |date=2016-03-24 |title=Certified Ethical Hacker website caught spreading crypto ransomware |url=https://arstechnica.com/information-technology/2016/03/certified-ethical-hacker-website-caught-spreading-crypto-ransomware/ |access-date=2023-05-17 |website=Ars Technica |language=en-us}}</ref> |
|||
*Certified Network Defense Architect (CNDA)<ref>{{Cite web|title=Certified Network Defense Architect (CNDA)|url=https://www.eccouncil.org/programs/certified-network-defense-architect-cnda/|access-date=2021-03-12|website=EC-Council|language=en-US}}</ref> |
|||
*Computer Hacking Forensic Investigator (CHFI)<ref>{{Cite web|title=Computer Hacking Forensic Investigator-CHFI|url=https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/}}</ref> |
|||
In 2021, the EC-Council took its entire blog down due to apparent systematic copyright violations and [[plagiarism]] conducted by its marketing team.<ref>{{Cite web |date=2021-06-28 |title=Security training org EC-Council pulls blog over copyright violations, promises editorial improvements |url=https://portswigger.net/daily-swig/security-training-org-ec-council-pulls-blog-over-copyright-violations-promises-editorial-improvements |access-date=2023-05-17 |website=The Daily Swig {{!}} Cybersecurity news and views |language=en}}</ref><ref>{{Cite web |date=2021-06-23 |title=Ethics in Cybersecurity Marketing – Principles of Value Contribution |url=https://alyssasec.com/2021/06/ethics-in-cybersecurity-marketing-principles-of-value-contribution |access-date=2023-05-17 |website=Alyssa Miller |language=en-US}}</ref><ref name=":0" /><ref>{{Cite web |title=Errata: Charlatan - EC-Council (ECC) |url=https://attrition.org/errata/charlatan/ec-council/ |access-date=2023-05-17 |website=attrition.org}}</ref> |
|||
*EC-Council Certified Incident Handler (ECIH)<ref>{{Cite web|title=EC-Council Certified Incident Handler {{!}} ECIH v2.|url=https://www.eccouncil.org/programs/ec-council-certified-incident-handler-ecih/}}</ref> |
|||
*EC-Council Disaster Recovery Professional (EDRP)<ref>{{Cite web|title=EC-Council Disaster Recovery Professional (EDRP).|url=https://www.eccouncil.org/programs/disaster-recovery-professional-edrp/}}</ref> |
|||
⚫ | |||
*Certified Application Security Engineer (CASE) (Java and .NET)<ref>{{Cite web|title=Certified Application Security Engineer – CASE.|url=https://www.eccouncil.org/programs/certified-application-security-engineer-case/}}</ref> |
|||
⚫ | EC-Council offers [[Professional certification (computer technology)|professional certifications]] for the [[IT security]] field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI).<ref>{{cite web|title=The Case for Cybersecurity Certifications|url=https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-case-for-security-certifications.html|access-date=27 July 2021|website=www.govtech.com|date=13 January 2018}}</ref> It also offers certifications in fields related to IT security, including [[IT disaster recovery|disaster recovery]], software security, digital forensics, and general IT security knowledge. |
||
* Certified Blockchain Professional (CBP)<ref>{{Cite web|title=Certified Blockchain Professional {{!}} CBP.|url=https://iclass.eccouncil.org/our-courses/certified-blockchain-professional/}}</ref> |
|||
*Advanced Network Defense (CAST 614) |
|||
*EC-Council Certified Chief Information Security Officer (CCISO)<ref>{{Cite web|title=ciso.eccouncil.org|url=https://ciso.eccouncil.org/}}</ref> |
|||
==Services and products== |
==Services and products== |
||
===EC-Council University (ECCU)=== |
===EC-Council University (ECCU)=== |
||
EC-Council University (ECCU) was licensed by the [[Wyoming Board of Education]] in 2006, despite major concerns from the state Education Department, including the lack of clarity whether the "school would offer substantive academic activity".<ref> |
|||
EC-Council University (ECCU) was incorporated in [[Wyoming]] in 2003 and was licensed by the New Mexico Higher Education Department in 2006.<ref>{{Cite web|last=writer|first=MEAD GRUVER Associated Press|title=State licenses online school|url=https://trib.com/news/state-and-regional/state-licenses-online-school/article_13f10c1d-9212-55a3-b10d-501b2aad84d3.html|access-date=2021-03-12|website=Casper Star-Tribune Online|language=en}}</ref> It offers bachelor’s and [[Master's degree|master’s degrees]] in cybersecurity and graduate certificate programs.<ref>{{Cite web|title=About Us {{!}} Cybersecurity University|url=https://www.eccu.edu/about-eccu/|access-date=2021-03-12|website=EC-Council University}}</ref> |
|||
{{ cite web | date=January 10, 2006 | last=Gruver | first=Mead | title=State licenses online school | website=Casper Star-Tribune | url=https://trib.com/news/state-and-regional/state-licenses-online-school/article_13f10c1d-9212-55a3-b10d-501b2aad84d3.html | access-date=February 7, 2023 | archive-url=https://web.archive.org/web/20230207205242/https://trib.com/news/state-and-regional/state-licenses-online-school/article_13f10c1d-9212-55a3-b10d-501b2aad84d3.html | archive-date=February 7, 2023 | url-status=live | quote="Despite an ongoing push among state education officials to rein in unaccredited colleges and universities, the Wyoming Board of Education on Monday granted a state license to EC-Council University, an unaccredited school that will provide online computer technology degrees from an office in Laramie." }}</ref> It offers [[Bachelor's degree|bachelor]]'s and [[Master's degree|master's degrees]] in cybersecurity and graduate certificate programs since 2015.<ref>{{cite web|title=About Us {{!}} Cybersecurity University|url=https://www.eccu.edu/about-eccu/|access-date=27 July 2021|website=EC-Council University}}</ref><ref>{{Cite web |title=Directory Of Accredited Institutions |url=https://www.deac.org/Student-Center/Directory-Of-Accredited-Institutions.aspx |access-date=2023-05-17 |website=www.deac.org}}</ref> |
|||
===EC-Council CodeRed=== |
===EC-Council CodeRed=== |
||
EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons.<ref>{{ |
EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons.<ref>{{cite web|last=SemiColonWeb|title=CodeRed {{!}} Stream Premium Cybersecurity Courses {{!}} Learn Anytime Anywhere|url=https://codered.eccouncil.org/|access-date=27 July 2021|website=CodeRed}}</ref> It provides "[[microdegree]]s" on niche technical subjects.<ref>{{cite web|last=SemiColonWeb|title=CodeRed Microdegrees {{!}} Learn In-Demand Advanced Cybersecurity Skills|url=https://codered.eccouncil.org/Microdegrees|access-date=27 July 2021|website=CodeRed}}</ref> |
||
===EC-Council Global Services=== |
===EC-Council Global Services=== |
||
EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020.<ref>{{ |
EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020.<ref>{{cite web|title=CREST Member Companies|url=https://service-selection-platform.crest-approved.org/member_companies/ec-council-global-services-sdn-bhd/index.html|access-date=27 July 2021|website=service-selection-platform.crest-approved.org}}</ref><ref>{{cite web|title=EC-Council Global Services Receives CREST Membership|url=https://www.24-7pressrelease.com/press-release/476679/ec-council-global-services-receives-crest-membership|access-date=27 July 2021|website=24-7 Press Release Newswire}}</ref> |
||
===EC-Council Aware=== |
===EC-Council Aware=== |
||
EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android.<ref>{{ |
EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android.<ref>{{cite web|last=CISOMAG|date=14 October 2020|title=Looking for an End-user Training Program? EC-Council's Aware App is Just for You|url=https://cisomag.com/|access-date=27 July 2021|website=CISO MAG {{!}} Cyber Security Magazine}}</ref> |
||
===EC-Council CyberQ=== |
===EC-Council CyberQ=== |
||
EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets.<ref>{{Cite web|title=CyberQ – Advanced Cyber Range Solution Provider {{!}} EC-Council|url=https://cyberq.eccouncil.org/|access-date=2021 |
EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets.<ref>{{Cite web|title=CyberQ – Advanced Cyber Range Solution Provider {{!}} EC-Council|url=https://cyberq.eccouncil.org/|access-date=27 July 2021|website=cyberq.eccouncil.org}}</ref> |
||
===CISO MAG=== |
|||
CISO MAG was launched in 2017 as a monthly cybersecurity magazine for [[Chief information security officer|Chief Information Security Officers]] and other [[Information security|infosec]] professionals.<ref>{{Cite web|title=CISO MAG - Crunchbase Company Profile & Funding|url=https://www.crunchbase.com/organization/ciso-mag|access-date=2021-03-12|website=Crunchbase|language=en}}</ref> It is published by EC-Council and has over 30,000 registered readers. |
|||
===EC-Council events=== |
===EC-Council events=== |
||
EC-Council hosts various IT security conferences including [[Hacker Halted]], Global CyberLympics, TakeDownCon, and Global CISO Forum.<ref>{{ |
EC-Council hosts various IT security conferences including [[Hacker Halted]], Global CyberLympics, TakeDownCon, and Global CISO Forum.<ref>{{cite web|title=Finalists for EC-Council Foundation's 2019 Global Cyberlympics Announced|url=https://www.prweb.com/releases/finalists-for-ec-council-foundation-s-2019-global-cyberlympics-announced-854116117.html|access-date=27 July 2021|website=PRWeb}}</ref><ref>{{cite news|last=Goldmeier|first=Jeremy|title=White-Hat Hackers: Meet the geeks who make computing safer by exposing its flaws|url=https://www.riverfronttimes.com/stlouis/white-hat-hackers-meet-the-geeks-who-make-computing-safer-by-exposing-its-flaws/Content?oid=2503818|access-date=27 July 2021|website=Riverfront Times}}</ref><ref>{{cite web|title=Global CISO Forum|url=https://www.prweb.com/releases/ec_council_honors_cio_of_gs_tim_grieveson_as_chief_information_officer_of_the_year/prweb11233122.htm|access-date=16 October 2013|website=PRWeb}}</ref> |
||
==References== |
==References== |
Latest revision as of 13:27, 25 November 2024
EC-Council (2001-present) | |
Company type | Limited liability company |
Founded | 2001 |
Founder | Jay Bavisi |
Headquarters | 101 Sun Ave NE Albuquerque New Mexico, 87109, U.S. |
Website | eccouncil |
EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.
History
[edit]Jay Bavisi is the Founder of EC-Council Holding Pte Ltd,[1][2] the parent company of all of EC-Council Group of Companies. The first organization of the group, International Council of Electronic Commerce Consultants (EC-Council) was founded in 2001 in response to the September 11 attacks to certify professionals who could protect against attacks on electronic commerce.
EQT Private Equity invested in EC-Council in September 2021[3] EC-Council is the creator of popular certification programs such as CEH,[4][5] CHFI, ECSA/LPT and the Certified Ethical Hacker (CEH) program for white hat hackers in 2003. EC-Council became a certifier of training courses and exams instead of founding entirely new schools, mobilizing entrepreneurs in the information security training business. CEH courses were offered in more than 60 countries by 2007, and the program expanded rapidly.[6]
As of 2023, the CEH certification is part of the possible certifications to some cyber-security functions within the United States Department of Defense, as part of its Directive 8140.[7][8]
In 2010, the EC-Council part of the organisations selected by the Pentagon to oversee training of Department of Defense employees who work in computer security-related jobs.[9]
Controversies, shortcomings and plagiarism
[edit]In May 2006, the website of the EC-Council was defaced,[10] and again in 2014, restored, then defaced, again, due to password reuse.[11] The attacker managed to exfiltrate sensitive data like passport pictures from the applicants, including notably Edward Snowden's.[12]
On at least two instances, the EC-Council's website has also been prone to Cross-site scripting vulnerabilities. In June of 2011, two vulnerabilities were discovered, both on the "portal" subdomain.[13][14] An additional vulnerability was found in May 2013.[15]
During 2011, an EC-Council employee has been using comments spam to advertise the Certified Ethical Hacker certification. This was called a "fictional theory" by Jay Bavisi, President of EC-Council, despite evidences proving otherwise.[16]
The EC-Council has also been holding sexist discourse on several occasions:
- In 2015, writing that "women should wear pants suit with heels" to be credible when doing pentesting.[17]
- In 2021, publishing a survey about the challenges faced by women in cybersecurity, with "Only men can do this job" and "Women can't handle this job" and "women aren't encouraged enough" as sole possible answers, and explaining that "the post cannot be sexist coming from all women teams".[17]
In March 2016, the website of the EC-Council was serving the Angler exploit kit. It took several days for the issue to be resolved.[18][19]
In 2021, the EC-Council took its entire blog down due to apparent systematic copyright violations and plagiarism conducted by its marketing team.[20][21][16][22]
Certifications
[edit]EC-Council offers professional certifications for the IT security field, such as Certified Network Defender (CND), Certified Chief Information Security Officer (CCISO), and Computer Hacking Forensics Investigator (CHFI).[23] It also offers certifications in fields related to IT security, including disaster recovery, software security, digital forensics, and general IT security knowledge.
Services and products
[edit]EC-Council University (ECCU)
[edit]EC-Council University (ECCU) was licensed by the Wyoming Board of Education in 2006, despite major concerns from the state Education Department, including the lack of clarity whether the "school would offer substantive academic activity".[24] It offers bachelor's and master's degrees in cybersecurity and graduate certificate programs since 2015.[25][26]
EC-Council CodeRed
[edit]EC-Council CodeRed was launched in 2019 as a cybersecurity learning platform with a library of 4,000 video lessons.[27] It provides "microdegrees" on niche technical subjects.[28]
EC-Council Global Services
[edit]EC-Council Global Services (EGS) is the consulting services division of the EC-Council Group. It received CREST membership for its cyber incident response, penetration testing, and vulnerability assessment services in 2020.[29][30]
EC-Council Aware
[edit]EC-Council Aware is a cybersecurity training app that was launched in 2020 for iOS and Android.[31]
EC-Council CyberQ
[edit]EC-Council launched its CyberQ platform in 2020. It is a cloud-based cyber range platform that automates the process of using cloud technology to deploy cyber targets.[32]
EC-Council events
[edit]EC-Council hosts various IT security conferences including Hacker Halted, Global CyberLympics, TakeDownCon, and Global CISO Forum.[33][34][35]
References
[edit]- ^ "Jay Bavisi, Founder and CEO of EC-Council". Business Wire. Retrieved 7 September 2022.
- ^ "EC-Council President and CEO Jay Bavisi". Business Insider. Retrieved 31 August 2020.
- ^ "EQT Private Equity invests in EC-Council". Bloomberg. Retrieved 27 September 2021.
- ^ "EC- Council empowers Students through a Seminar on Cyber Security". 12 September 2013.
- ^ "EC-Council organizes a seminar on cyber security". India Infoline. 2 September 2013. Retrieved 27 July 2021.
- ^ Slayton, Rebecca (2017-02-14). "Limn: The Paradoxical Authority of the Certified Ethical Hacker". Limn. Retrieved 27 July 2021.
- ^ "Persectives on Building a Cyber Force Structure" (PDF). Retrieved 27 July 2021.
- ^ "DoD Approved 8570 Baseline Certifications – DoD Cyber Exchange". public.cyber.mil. Retrieved 2023-05-18.
- ^ "Pentagon trains workers to hack Defense computers". CNN. CNN. Retrieved 27 July 2021.
- ^ "EC-Council.org Defaced in 2006". zone-h.org. Retrieved 2023-05-17.
- ^ ""The Plague" returns to deface EC Council website | CSO Online". 2015-09-24. Archived from the original on 2015-09-24. Retrieved 2023-05-17.
- ^ McCormick, Rich (2014-02-24). "Ethical hacking organization hacked, website defaced with Edward Snowden's passport". The Verge. Retrieved 2023-05-17.
- ^ Nulled Byte. "Double nibble URI decoding XSS Vulnerability on EC Council website". The Hacker News. Retrieved 2023-05-17.
- ^ "EC-Council Web Site Vulnerable to Several XSS". attrition.org. Retrieved 2023-09-13.
- ^ "Charlatan: EC-Council Found Vulnerable to 2nd XSS". attrition.org. Retrieved 2023-05-17.
- ^ a b "Who on earth would be trying to promote EC-Council University via comment spam on my website?". Graham Cluley. 2022-07-19. Retrieved 2023-05-17.
- ^ a b Dallaway, Eleanor (2021-04-11). "The Story of the EC-Council Gender Survey Scandal: Survey Creator Says "It Was Written by Women so it Can't be Sexist"". Infosecurity Magazine. Retrieved 2023-05-17.
- ^ "Website of security certification provider spreading ransomware". Fox-IT International blog. 2016-03-24. Retrieved 2023-05-17.
- ^ Goodin, Dan (2016-03-24). "Certified Ethical Hacker website caught spreading crypto ransomware". Ars Technica. Retrieved 2023-05-17.
- ^ "Security training org EC-Council pulls blog over copyright violations, promises editorial improvements". The Daily Swig | Cybersecurity news and views. 2021-06-28. Retrieved 2023-05-17.
- ^ "Ethics in Cybersecurity Marketing – Principles of Value Contribution". Alyssa Miller. 2021-06-23. Retrieved 2023-05-17.
- ^ "Errata: Charlatan - EC-Council (ECC)". attrition.org. Retrieved 2023-05-17.
- ^ "The Case for Cybersecurity Certifications". www.govtech.com. 13 January 2018. Retrieved 27 July 2021.
- ^
Gruver, Mead (January 10, 2006). "State licenses online school". Casper Star-Tribune. Archived from the original on February 7, 2023. Retrieved February 7, 2023.
Despite an ongoing push among state education officials to rein in unaccredited colleges and universities, the Wyoming Board of Education on Monday granted a state license to EC-Council University, an unaccredited school that will provide online computer technology degrees from an office in Laramie.
- ^ "About Us | Cybersecurity University". EC-Council University. Retrieved 27 July 2021.
- ^ "Directory Of Accredited Institutions". www.deac.org. Retrieved 2023-05-17.
- ^ SemiColonWeb. "CodeRed | Stream Premium Cybersecurity Courses | Learn Anytime Anywhere". CodeRed. Retrieved 27 July 2021.
- ^ SemiColonWeb. "CodeRed Microdegrees | Learn In-Demand Advanced Cybersecurity Skills". CodeRed. Retrieved 27 July 2021.
- ^ "CREST Member Companies". service-selection-platform.crest-approved.org. Retrieved 27 July 2021.
- ^ "EC-Council Global Services Receives CREST Membership". 24-7 Press Release Newswire. Retrieved 27 July 2021.
- ^ CISOMAG (14 October 2020). "Looking for an End-user Training Program? EC-Council's Aware App is Just for You". CISO MAG | Cyber Security Magazine. Retrieved 27 July 2021.
- ^ "CyberQ – Advanced Cyber Range Solution Provider | EC-Council". cyberq.eccouncil.org. Retrieved 27 July 2021.
- ^ "Finalists for EC-Council Foundation's 2019 Global Cyberlympics Announced". PRWeb. Retrieved 27 July 2021.
- ^ Goldmeier, Jeremy. "White-Hat Hackers: Meet the geeks who make computing safer by exposing its flaws". Riverfront Times. Retrieved 27 July 2021.
- ^ "Global CISO Forum". PRWeb. Retrieved 16 October 2013.