The ISTQB Advanced Security course is for Technical Testers, Security Testers, Security Co-ordinators and Managers, plus testers and test managers who are serious about including security aspects into their test plans or who want to specialise.
With the ever-increasing numbers of security breaches, both human and machine-based, significantly more understanding is required from testers to ensure that the proper quality assurance measures are in place for assuring the security of IT systems.
This intensive four-day course contains lectures, exercises and practical work to describe and illustrate best practices in security testing.
Entry Requirements
- A Certificate at ISTQB Foundation level must have been awarded for candidates to sit this course
- It is recommended that candidates have at least three-years testing experience before attempting the course and exam.
To qualify as an internationally-recognized Certified Advanced Level Security Tester and be issued with an ISTQB® Advanced Level Certificate, delegates must successfully pass the exam administered by the relevant National Board or Examination Provider.
The 2-hour exam contains 45 questions, of which 60% must be answered correctly for a pass to and certificate to be awarded.
If English is not your first language, please advise us so that we can apply for an additional 30-minutes of exam time for you.
A comprehensive course manual is provided.
ISTQB Advanced Security Tester (a four-day course)
Course Content
The Basis of Security Testing
- Security Risks
- Information Security Policies and Procedures
- Security Auditing and Its Role in Security Testing
Security Testing Purposes, Goals and Strategies
- Introduction
- The Purpose of Security Testing
- The Organizational Context
- Security Testing Objectives
- The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
- Improving the Security Testing Practices
- ISTQB Advanced Security Tester Certification Course
Security Testing Processes
- Security Test Process Definition
- Security Test Planning
- Security Test Design
- Security Test Execution
- Security Test Evaluation
- Security Test Maintenance
Security Testing Throughout the Software Lifecycle
- Role of Security Testing in a Software Lifecycle
- The Role of Security Testing in Requirements
- The Role of Security Testing in Design
- The Role of Security Testing in Implementation Activities
- The Role of Security Testing in System and Acceptance Test Activities
- The Role of Security Testing in Maintenance.
Testing Security Mechanisms
- System Hardening
- Authentication and Authorization
- Encryption
- Firewalls and Network Zones
- Intrusion Detection
- Malware Scanning
- Data Obfuscation
- Training
Human Factors in Security Testing
- Understanding the Attackers
- Social Engineering
- Security Awareness
Security Test Evaluation and Reporting
- Security Test Evaluation
- Security Test Reporting
Security Testing Tools
- Types and Purposes of Security Testing Tools
- Tool Selection
Standards and Industry Trends
- Understanding Security Testing Standards
- Applying Security Standards
- Industry Trends