ISTQB Advanced Security Tester Certificate eLearning course

This course will benefit experienced Testers wanting to differentiate themselves by building skills in security testing. It is also for Security Testers wanting to advance their skills and align them with industry best practice, and who want to be certified for recognition among employers, clients and peers.

• Plan, perform and evaluate security tests from a variety of perspectives.
• Evaluate an existing security test suite and identify any additional security tests needed.
• Analyse a given set of security policies and procedures, along with security test results, to determine effectiveness.
• For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
• Analyse a given situation and determine which security testing approaches are most likely to succeed in that situation.
• Identify areas where additional or enhanced security testing may be needed.
• Evaluate effectiveness of security mechanisms.
• Help the organisation build information security awareness.
• Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
• Analyse a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
• Analyse and document security test needs to be addressed by one or more tools.

The ISTQB Advanced Level Certified Security Tester course is for testers possessing ISTQB Foundation Level certification or higher. Some experience in technical testing and a level of exposure to security testing is also recommended.

• The Basis of Security Testing
• Security Testing Purposes, Goals and Strategies
• Security Testing Processes
• Security Testing Throughout the Software Lifecycle
• Testing Security Mechanisms
• Human Factors in Security Testing
• Security Test Evaluation and Reporting
• Security Testing Tools
• Standards and Industry Trends

Concepts and Terminology

• Acceptance Testing
• Application Lifecycle Model
• Asset Identification
• Attack Scenarios
• Authentication
• Authorisation
• Component Integration Testing
• Component Level
• Computer System Attacks
• Concepts and Terminology
• Data Gathering Mechanisms
• Data Obfuscation Approaches
• Encryption
• Firewall
• Human Behaviour
• Intrusion Detection Tools
• Malware Scanning Tools
• Network zones
• Open Source Tools
• Risk Assessment
• Security Audit
• Security Awareness
• Security Standards
• Security Test Evaluation
• Security Test Execution
• Security Test Maintenance
• Security Test Planning Objectives
• Security Test Reporting
• Security Testing Practices
• Security Testing Tools
• Social Engineering
• Software Lifecycle
• System Hardening
• System Testing
• Test Design
• Test Environment

Examination

The 120 minute exam is conducted online and consists of 45 multiple choice questions, with a grade of 65% required to pass. Participants that take the exam not in their spoken language will receive an additional 25% time for a total of 150 minutes.

The cost of the exam is not included. We recommend that you take the certificate exam after the course, and book and pay your own exam (either in paper-based format or in electronic format) from http://www.fistb.fi/en/certifications/exam-calendar.


Training provided in cooperation with: Planit and Knowit