ISTQB Certified Tester - Advanced Level: Security Tester

Course Description

In today’s online world, organisations are vulnerable. As more and more services become connected and available, the security risk increases. For example, in 2016 upwards of 3.5 billion records were stolen from organisations. However, security is not just securing the technology. It encompasses the people within an organisation and the processes they follow. It covers physical security, social engineering, tools and techniques and, importantly, an understanding of the ‘mindset’ of malicious users. The ISTQB Advanced Level Security Tester provides attendees with a range of security testing tools, techniques and processes, built on the experience of the SQS Security Testing team. You might even learn to pick a lock or two…
4 days
Contact us for pricing


To be able to obtain an Advanced Level Security Tester certification, candidates must hold the ISTQB Certified Tester Foundation Level qualification (or ISEB equivalent). You need to have at least 18 months of practical experience in the software testing field. A basic understanding of security testing concepts would be an advantage.

Course Objectives

On completion of this course, attendees will be fully prepared to take the ISTQB Certified Tester Advanced Level Security Tester examination. The exam is taken at the end of the fourth day.

The Basis of Security Testing

Security Risks
Information Security Policies and Procedures
Security Auditing and its Role in Security Testing

Security Testing Purposes, Goals and Strategies

The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
Improving the Security Testing Practices

Security Testing Processes

Security Test Process Definition
Security Test Planning
Security Test Design
Security Test Execution
Security Test Evaluation
Security Test Maintenance

Security Testing Throughout the Software Lifecycle

Role of Security Testing in a Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
The Role of Security Testing in System and Acceptance Test Activities
The Role of Security Testing in Maintenance

Testing Security Mechanisms

System Hardening
Authentication and Authorization
Firewalls and Network Zones
Intrusion Detection
Malware Scanning
Data Obfuscation

Human Factors in Security Testing

Understanding the Attackers
Social Engineering
Security Awareness

Security Test Evaluation and Reporting

Security Test Evaluation
Security Test Reporting

Security Testing Tools

Types and Purposes of Security Testing Tools
Tool Selection

Standards and Industry Trends

Understanding Security Testing Standards
Applying Security Standards
Industry Trends

Who should attend?

Requirements Engineers, Functional Testers, Test Managers, Developers, Test Automation Specialists, Performance Test Specialists, Test Environment Specialists, Security Testing Specialists and anyone else wishing to take the Advanced Level Security Tester Exam.

Related Certifications

ISQB Certified Tester Advanced Level Test Manager
ISTQB Certified Tester Advanced Level Test Analyst
ISTQB Certified Tester Advanced Level Technical Test Analyst
ISSECO Certified Professional for Secure Software Engineering

Certified TesterISEBISTQBISTQB AdvancedISTQB Advanced Test AnalystISTQB Advanced Test ManagerISTQB Security TesterISTQB Technical Test AnalystSoftware TestSoftware Testing