ISTQB Security TesterLength: 4 Days

Format: Live In-house Instructor-led, Live Virtual, e-Learning

With the prevelance of cyber security breaches, it is clear that more attention is needed in testing that security defenses are in place and working effectively. This course and certification covers much more than just penetration testing. Certainly, penetration testing is part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches. This course follows the ISTQB Advanced Security Tester Syllabus and is written and presented by Randall W. Rice, chair of the ISTQB Advanced Security Tester Syllabus Working Group.

To sit for the ISTQB Advanced Security Tester exam, you must hold the ISTQB Certified Tester, Foundation Level (CTFL) designation (or equivalent) and have 3+ years of software testing and related experience. Basic security and security testing concepts are assumed knowledge. We have another course that covers Foundational Security Testing (a non-certification course) that is helpful in building knowledge of basic security testing concepts.

Exercises are performed for every K3 and K4 learning objective.

Topics

Module 1 - The Basis of Security Testing

  • Security Risks
  • Information Security Policies and Procedures
  • Security Auditing and Its Role in Security Testing

Module 2 - Security Testing Purposes, Goals and Strategies

  • Introduction
  • The Purpose of Security Testing
  • The Organizational Context
  • Security Testing Objectives
  • The Scope and Coverage of Security Testing Objectives
  • Security Testing Approaches
  • Improving the Security Testing Practices

Module 3 - Security Testing Processes

  • Security Test Process Definition
  • Security Test Planning
  • Security Test Design
  • Security Test Execution
  • Security Test Evaluation
  • Security Test Maintenance

Module 4 - Security Testing Throughout the Software Lifecycle

  • Role of Security Testing in a Software Lifecycle
  • The Role of Security Testing in Requirements
  • The Role of Security Testing in Design
  • The Role of Security Testing in Implementation Activities
  • The Role of Security Testing in System and Acceptance Test Activities
  • The Role of Security Testing in Maintenance

Module 5 - Testing Security Mechanisms

  • System Hardening
  • Authentication and Authorization
  • Encryption
  • Firewalls and Network Zones
  • Intrusion Detection
  • Malware Scanning
  • Data Obfuscation
  • Training

Module 6 - Human Factors in Security Testing

  • Understanding the Attackers
  • Social Engineering
  • Security Awareness

Module 7 - Security Test Evaluation and Reporting

  • Security Test Evaluation
  • Security Test Reporting

Module 8 - Security Testing Tools

  • Types and Purposes of Security Testing Tools
  • Tool Selection

Module 9 - Standards and Industry Trends

  • Understanding Security Testing Standards

  • Applying Security Standards

  • Industry Trends