ISTQB Advanced Security Tester live course
The course is recommended for testers wishing to take the ISTQB Advanced Level Security Tester exam and learn the methodology of security testing. The course gives students a comprehensive picture about the approaches to security testing, its planning and realization.
Successful ISTQB Certified Tester Foundation Level exam and at least 3 years of experience in security testing or a similar field, as well as English language skills as both the course material and the exam are in English. (The course is taught in Hungarian by a Hungarian trainer.)
For software testers dealing with security testing who wish to take the related ISTQB exam and broaden their knowledge of the subject.
Our new course, which is special in the world and in Hungary, deals with the methodology, background, planning, implementing, techniques, metrics, risks and further development of security testing. Besides exam questions we also place great emphasis on practice where we do tasks related to the various phases of security testing. The course is vendor and device independent, we do not do any exercises on the computer. The course is accredited by ISTQB, and is thus held as an official exam preparation course.
The course is realized in conjunction with the University of Szeged.
1. THE BASIS OF SECURITY TESTING
1.1 Security Risks
1.1.1 The Role of Risk Assessment in Security Testing
1.1.2 Asset Identification
1.1.3 Analysis of Risk Assessment Techniques
1.2 Information Security Policies and Procedures
1.2.1 Understanding Security Policies and Procedures
1.2.2 Analysis of Security Policies and Procedures
1.3 Security Auditing and Its Role in Security Testing
1.3.1 Purpose of a Security Audit
1.3.2 Risk Identification, Assessment and Mitigation
1.3.3 People, Process and Technology
2. SECURITY TESTING PURPOSES, GOALS AND STRATEGIES
2.2 The Purpose of Security Testing
2.3 The Organizational Context
2.4 Security Testing Objectives
2.4.1 The Alignment of Security Testing Goals
2.4.2 The Identification of Security Test Objectives
2.4.3 The Difference Between Information Assurance and Security Testing
2.5 The Scope and Coverage of Security Testing Objectives
2.6 Security Testing Approaches
2.6.1 Analysis of Security Test Approaches
2.6.2 Analysis of Failures in Security Test Approaches
2.6.3 Stakeholder Identification
2.7 Improving the Security Testing Practices
3. SECURITY TESTING PROCESSES
3.1 Security Test Process Definition
3.1.1 ISTQB Security Testing Process
3.1.2 Aligning the Security Testing Process to a Particular Application Life-cycle Model
3.2 Security Test Planning
3.2.1 Security Test Planning Objectives
3.2.2 Key Security Test Plan Elements
3.3 Security Test Design
3.3.1 Security Test Design
3.3.2 Security Test Design Based on Policies and Procedures
3.4 Security Test Execution
3.4.1 Key Elements and Characteristics of an Effective Security Test Environment
3.4.2 The Importance Of Planning and Approvals in Security Testing
3.5 Security Test Evaluation
3.6 Security Test Maintenance
4. SECURITY TESTING THROUGHOUT THE SOFTWARE LIFE-CYCLE
4.1 The Role of Security Testing in a Software Life-cycle
4.1.1 The Life-cycle View of Security Testing
4.1.2 Security-Related Activities in the Software Life-cycle
4.2 The Role of Security Testing in Requirements
4.3 The Role of Security Testing in Design
4.4 The Role of Security Testing in Implementation Activities
4.4.1 Security Testing During Component Testing
4.4.2 Security Test Design at the Component Level
4.4.3 Analysis of Security Tests at the Component Level
4.4.4 Security Testing During Component Integration Testing
4.4.5 Security Test Design at the Component Integration Level
4.5 The Role of Security Testing in System and Acceptance Test Activities
4.5.1 The Role of Security Testing in System Testing
4.5.2 The Role of Security Testing in Acceptance Testing
4.6 The Role of Security Testing in Maintenance
5. TESTING SECURITY MECHANISMS
5.1 System Hardening
5.1.1 Understanding System Hardening
5.1.2 Testing the Effectiveness of System Hardening Mechanisms
5.2 Authentication and Authorization
5.2.1 The Relationship Between Authentication and Authorization
5.2.2 Testing the Effectiveness of Authentication and Authorization Mechanisms
5.3.1 Understanding Encryption
5.3.2 Testing the Effectiveness of Common Encryption Mechanisms
5.4 Firewalls and Network Zones
5.4.1 Understanding Firewalls
5.4.2 Testing Firewall Effectiveness
5.5 Intrusion Detection
5.5.1 Understanding Intrusion Detection Tools
5.5.2 Testing the Effectiveness of Intrusion Detection Tools
5.6 Malware Scanning
5.6.1 Understanding Malware Scanning Tools
5.6.2 Testing the Effectiveness of Malware Scanning Tools
5.7 Data Obfuscation
5.7.1 Understanding Data Obfuscation
5.7.2 Testing the Effectiveness of Data Obfuscation Approaches
5.8.1 The Importance of Security Training
5.8.2 How to Test the Effectiveness of Security Training
6. HUMAN FACTORS IN SECURITY TESTING
6.1 Understanding the Attackers
6.1.1 The Impact of Human Behavior on Security Risks
6.1.2 Understanding the Attacker Mentality
6.1.3 Common Motivations and Sources of Computer System Attacks
6.1.4 Understanding Attack Scenarios and Motivations
6.2 Social Engineering
6.3 Security Awareness
6.3.1 The Importance Of Security Awareness
6.3.2 Increasing Security Awareness
7. SECURITY TEST EVALUATION AND REPORTING
7.1 Security Test Evaluation
7.2 Security Test Reporting
7.2.1 Confidentiality of Security Test Results
7.2.2 Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status
7.2.3 Analyzing Interim Security Test Status Reports
8. SECURITY TESTING TOOLS
8.1 Types and Purposes of Security Testing Tools
8.2 Tool Selection
8.2.1 Analyzing and Documenting Security Testing Needs
8.2.2 Issues with Open Source Tools
8.2.3 Evaluating a Tool Vendor’s Capabilities
9. STANDARDS AND INDUSTRY TRENDS
9.1 Understanding Security Testing Standards
9.1.1 The Benefits of Using Security Testing Standards
9.1.2 Applicability of Standards in Regulatory Versus Contractual Situations
9.1.3 Selection of Security Standards
9.2 Applying Security Standards
9.3 Industry Trends
9.3.1 Where to Learn of Industry Trends in Information Security
9.3.2 Evaluating Security Testing Practices for Improvements
List of similar courses:
The course is recommended to those wishing to take the ISTQB Technical Test Analyst exam. By mastering the material the students get a comprehensive overview of the static analysis of the source code of the system under testing, as well as of the dynamic analysis of the entire system. They learn about the techniques of testing the mainly non-functional requirements belonging to the TTA (such as maintainability, performance, reliability, portability and security) and they will gain a grasp of the tasks and difficulties of test automation.
This training course presents a comprehensive overview of methods and techniques for deriving and specifying software tests based on the system’s implementation and structure (“white box tests”). On completing the course, attendees will be able to select and apply techniques for test case derivation, such as control flow or data flow testing as well as static and dynamic analysis. We will look at non-functional testing techniques, such as reliability testing, portability testing, performance, load and stress testing. We will also discuss how to succeed in building robust automation architectures and using a variety of tools to reach quality targets.
We recommend the course to those testers who wish to gain advanced expertise in test analysis, test design and execution, focusing mainly on functional testing. By mastering the material, students will be able to interpret and execute testing strategies suited to the situation.
This course provides test engineers with advanced skills in test analysis, design and execution. This hands-on course provides test engineers with the ability to define and carry out the tasks required to put the test strategy into action. The course will teach attendees how to analyze the system, taking into account the user’s quality expectations. They will learn how to evaluate system requirements as part of formal and informal reviews, using their understanding of the business domain to determine requirement validity. Attendees will know how to analyze, design, implement and execute tests, using risk considerations to determine the appropriate effort and priority for tests. They will be able to report on testing progress and provide the necessary evidence to support their evaluations of system quality. Attendees will learn how to implement a testing effort that supports the explicit and implicit testing objectives.
We recommend the course to those testers who wish to gain advanced expertise in planning the testing process, as well as in managing, monitoring and controlling testing. By completing the course, students will be able to fully define the goals of testing and the appropriate testing strategy.
This course provides test managers with advanced skills in test estimation, test planning, test monitoring and test control. Attendees will learn how to define the overall testing goals and strategy for the systems being tested. They will gain hands-on experience in planning, scheduling and tracking these tasks. The attendees will be able to describe and organize the necessary activities. They will return to work able to select, acquire and assign adequate resources for testing tasks. They will know how to form, organize and lead testing teams. Test manager attendees will be able to organize communication between the members of the testing teams and between the testing teams and all the other stakeholders. Further, they’ll learn how to justify their decisions and provide adequate reporting information where applicable.
In the course students get a comprehensive knowledge of the theoretical background and methodologies of software testing, as well as getting prepared for the ISTQB Certified Tester Foundation Level exam. The certification exam is normally in English, but is also available in Hungarian.
This hands-on course provides test engineers and test managers with the essential ideas, processes, tools and skills they need in order to set themselves on a path for true testing professionalism. This course was accredited by the ASTQB August 2018. This course follows the ISTQB Foundation Level Syllabus 2018.
In the course attendees get a comprehensive picture about the expectations of ISTQB Expert Level Test Management Strategic Test Management module and we prepare them for the related exam. The course entails the first three days of the entire course, which spans 3 times 3 days. Besides exam preparation, it also gives very useful practical knowledge in the field of creating a testing strategy. It is a unique opportunity since the course is held by one of the foremost authorities of software testing, the former president of ISQTB and one of the creators of ISQTB Expert level, Rex Black.
This course provides testers and test managers with an understanding of the fundamentals of testing on agile projects. Attendees will learn how agile software development projects are organized and the various types of agile development practices in common use. They will understand how agile development differs from traditional approaches, how to position testers in an agile organisation, the fundamental agile testing principles, practices and processes and the skills they’ll need to excel in an agile environment.
In the course students learn about the characteristics of software testing in an environment following the agile development methodology, as well as being prepared for the ISTQB Foundation Level - Agile Tester Extension exam
In the course students can learn about the characteristics if software testing in a model-based environment, as well as getting prepared to take the ISTQB Foundation Level - Model-Based Tester Extension exam
Our course prepares attendees for the ISTQB Automotive Software Tester exam, going into detail on the characteristics of automotive software testing, including numerous examples and tasks. The course material follows the official recommendation published by ISTQB.
Our course prepares attendees for the ISTQB Mobile Application Tester exam, going into detail on the characteristics of mobile application testing, including examples and tasks. The course material follows the official recommendation published by ISTQB.
The course will teach students the most wide-spread TMMi process development model, its background, structure, details of how it is provided, as well as preparing students for the TMMi Professional exam.