ISTQB Security Tester

Length: 4 Days

Format: Live In-house Instructor-led, e-Learning

Note: This course is in beta format and we are scheduling course bookings for late 2016 and early 2017. For more details, contact us by e-mail or phone (405-691-8075).

With the prevalence of cyber security breaches, it is clear that more attention is needed in testing that security defenses are in place and working effectively. This course and certification cover much more than just penetration testing. Certainly, penetration testing is part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group.

To sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge. We have another course that covers Foundational Security Testing (a non-certification course) that is helpful in building knowledge of basic security testing concepts.

Exercises are performed for every K3 and K4 learning objective.

Topics

Module 1 - The Basis of Security Testing

  • Security Risks
  • Information Security Policies and Procedures
  • Security Auditing and Its Role in Security Testing

Module 2 - Security Testing Purposes, Goals and Strategies

  • Introduction
  • The Purpose of Security Testing
  • The Organizational Context
  • Security Testing Objectives
  • The Scope and Coverage of Security Testing Objectives
  • Security Testing Approaches
  • Improving the Security Testing Practices

Module 3 - Security Testing Processes

  • Security Test Process Definition
  • Security Test Planning
  • Security Test Design
  • Security Test Execution
  • Security Test Evaluation
  • Security Test Maintenance

Module 4 - Security Testing Throughout the Software Lifecycle

  • Role of Security Testing in a Software Lifecycle
  • The Role of Security Testing in Requirements
  • The Role of Security Testing in Design
  • The Role of Security Testing in Implementation Activities
  • The Role of Security Testing in System and Acceptance Test Activities
  • The Role of Security Testing in Maintenance

Module 5 - Testing Security Mechanisms

  • System Hardening
  • Authentication and Authorization
  • Encryption
  • Firewalls and Network Zones
  • Intrusion Detection
  • Malware Scanning
  • Data Obfuscation
  • Training

Module 6 - Human Factors in Security Testing

  • Understanding the Attackers
  • Social Engineering
  • Security Awareness

Module 7 - Security Test Evaluation and Reporting

  • Security Test Evaluation
  • Security Test Reporting

Module 8 - Security Testing Tools

  • Types and Purposes of Security Testing Tools
  • Tool Selection

Module 9 - Standards and Industry Trends

  • Understanding Security Testing Standards
  • Applying Security Standards
  • Industry Trends

 

 
