Length: 4 Days
Format: Live In-house Instructor-led, Public Courses, LIve Virtual and e-Learning
Note: For scheduling in-house course presentations, please contact us by e-mail or phone (405-691-8075).
With the prevelance of cyber security breaches, it is clear that more attention is needed in testing that security defenses are in place and working effectively. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group.
To sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge. We have another course that covers Foundational Security Testing (a non-certification course) that is helpful in building knowledge of basic security testing concepts.
Exercises are performed for every K3 and K4 learning objective.
Major Learning Objectives:
- Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based.
- Align security test activities with project lifecycle activities.
- Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels.
- Evaluate the existing security test suite and identify any additional security tests.
- Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
- For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Identify areas where additional or enhanced security testing may be needed.
- Evaluate effectiveness of security mechanisms.
- Help the organization build information security awareness.
- Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
- Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Analyze and document security test needs to be addressed by one or more tools.
- Analyze and select candidate security test tools for a given tool search based on specified needs.
- Understand the benefits of using security testing standards and where to find them.
Who Should Attend?
This course is for:
- Software testers that hold the ISTQB Certified Tester, Foundation Level (CTFL) and want to expand their knowledge of security testing,
- Security testers who hold the CTFL and wish to obtain an advanced certification to solidify their knowledge,
- Security administrators who want to learn more about how to test the security defenses in their organization, and
- Anyone who wants to learn more about security testing but do not necessarily want to take the CTAL-SEC exam.
About the Exam
The Advanced Security Tester exam is 2 hours in length and contains 45 questions. A score of 65% must be achieved in order to pass the exam.
Module 1 - The Basis of Security Testing
- Security Risks
- Information Security Policies and Procedures
- Security Auditing and Its Role in Security Testing
Module 2 - Security Testing Purposes, Goals and Strategies
- The Purpose of Security Testing
- The Organizational Context
- Security Testing Objectives
- The Scope and Coverage of Security Testing Objectives
- Security Testing Approaches
- Improving the Security Testing Practices
Module 3 - Security Testing Processes
- Security Test Process Definition
- Security Test Planning
- Security Test Design
- Security Test Execution
- Security Test Evaluation
- Security Test Maintenance
Module 4 - Security Testing Throughout the Software Lifecycle
- Role of Security Testing in a Software Lifecycle
- The Role of Security Testing in Requirements
- The Role of Security Testing in Design
- The Role of Security Testing in Implementation Activities
- The Role of Security Testing in System and Acceptance Test Activities
- The Role of Security Testing in Maintenance
Module 5 - Testing Security Mechanisms
- System Hardening
- Authentication and Authorization
- Firewalls and Network Zones
- Intrusion Detection
- Malware Scanning
- Data Obfuscation
Module 6 - Human Factors in Security Testing
- Understanding the Attackers
- Social Engineering
- Security Awareness
Module 7 - Security Test Evaluation and Reporting
- Security Test Evaluation
- Security Test Reporting
Module 8 - Security Testing Tools
- Types and Purposes of Security Testing Tools
- Tool Selection
Module 9 - Standards and Industry Trends
Understanding Security Testing Standards
Applying Security Standards