ISTQB Advanced Security Tester

With the prevalence of cyber security breaches, it is clear that more testing is needed to be sure that security defenses are in place and working effectively.

Intent

Goals

• Plan, perform and evaluate security tests from a variety of perspectives
• Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation
• Evaluate effectiveness of security mechanisms, such as firewalls and encryption
• Understand the attacker mentality so that effective defenses can be established and tested
• Know how to deal with the human risks in Information Security
• Analyze and document security test needs to be addressed by one or more tools

Structure of this training

Course outline

• Security Risks
• Information Security Policies
• Security Auditing

• Security Testing
  • Purpose
  • Objectives
  • Scope and Coverage
  • Approaches
• Improving the Security Testing Practices

• Security Test Process Definition
• Security Test Maintenance

• Role of Security Testing in a Software Lifecycle

• System Hardening
• Authentication and Authorization
• Encryption
• Firewalls and Network Zones
• Intrusion Detection
• Malware Scanning
• Data Obfuscation
• Training

• Understanding the Attackers
• Social Engineering

• Types and Purposes
• Tool Selection

• Understanding and Applying Security Testing Standards
• Industry Trends

Target Audience

• Security testers
• Software testers who wish to develop a specialty in security testing
• Security administrators who wish to learn how to test new and existing defenses
• Developers who want to learn secure coding techniques
• Managers who want to learn how security testing fits in the project lifecycle

Prior knowledge or training required