ISTQB Specialist: Security Tester – Instructor-Led Live Training
Course code:
Duration:
Training language:
24 sessions
English
Course fee:
819 EUR + VAT
ISTQB Specialist: Security Tester – Instructor-Led Live Training - Dates and application
First training day: 13 July 2026 , Additional training days: 14., 15.
Weekday daytime (09.00 - 16.30 CET)
Training language:
English
Course fee:
819 EUR + VAT
First training day: 19 October 2026 , Additional training days: 20., 21.
Weekday daytime (09.00 - 16.30 CET)
Training language:
English
Course fee:
819 EUR + VAT
Applying for closed-group training
If you and your colleagues are attending a closed group training training course and you have a training date code, you can apply here.
Enrolment without a date
If none of the dates suits you but you are interested in the course, please submit your enrolment without selecting a date. You will be notified when a new date is published.
Protect your systems and applications against modern cyber threats! The ISTQB CT-SEC professional development program provides comprehensive knowledge of security testing methods, tools, and best practices, with a focus on identifying and managing vulnerabilities. Prepare for this globally recognized certification and take your career to the next level!
This program is architected for experienced professionals who wish to specialize in security testing and obtain the ISTQB Certified Tester Security Tester (CT-SEC) certification.
It is ideal for software testers, quality assurance professionals and developrs with the ISTQB Certified Tester Foundation Level (CTFL) certification and at least three years of relevant experience. IT security analysts, penetration testers and consultants looking for a globally recognized certification can also benefit. If you are focused on identifying vulnerabilities or improving software security, this training is the ideal choice for you.
Take the next step towards a more secure future!
- ISTQB Certified Tester Foundation Level certification
- At least 3 years of professional experience in security testing or a similar field
- English language proficiency as both the training materials and the exam are in English.
Our course deals with the methodology, background, planning, implementation, techniques, metrics, risks and further development of security testing.
Main topics:
- The Basis of Security Testing: Learn the fundamentals of information security, risk assessment, and auditing techniques.
- Security Testing Purposes, Goals, and Strategies: Understand the objectives, strategies, and organizational context of security testing.
- Security Testing Processes: Plan, execute, and maintain security testing processes with a practical approach.
- Security Testing Throughout the Software Lifecycle: Explore the role of security testing in each phase of the software lifecycle, from design to maintenance.
- Testing Security Mechanisms: Master the basics of testing key mechanisms like firewalls, encryption, and malware scanning.
- Human Factors in Security Testing: Analyze the impact of attackers' motivations and social engineering techniques.
- Security Test Evaluation and Reporting: Develop proficiency to evaluate test results and report findings effectively.
- Security Testing Tools: Discover tool types, selection criteria, and practical applications.
- Standards and Industry Trends: Apply security standards and stay updated with the latest industry trends.
In our ISTQB accredited course, you will gain expertise in the theoretical background of security testing as well as prepare for the ISTQB exam. Besides exam questions, we also place great emphasis on practice, where we do tasks related to the various phases of security testing. The comprehensive program is vendor- and device-independent, we do not do any exercises on the computer.
The comprehensive program is realized in conjunction with the University of Szeged. 
CURRICULUM OUTLINE:
1. THE BASIS OF SECURITY TESTING
1.1 Security Risks
1.1.1 The Role of Risk Assessment in Security Testing
1.1.2 Asset Identification
1.1.3 Analysis of Risk Assessment Techniques
1.2 Information Security Policies and Procedures
1.2.1 Understanding Security Policies and Procedures
1.2.2 Analysis of Security Policies and Procedures
1.3 Security Auditing and Its Role in Security Testing
1.3.1 Purpose of a Security Audit
1.3.2 Risk Identification, Assessment and Mitigation
1.3.3 People, Process and Technology
2. SECURITY TESTING PURPOSES, GOALS AND STRATEGIES
2.1 Introduction
2.2 The Purpose of Security Testing
2.3 The Organizational Context
2.4 Security Testing Objectives
2.4.1 The Alignment of Security Testing Goals
2.4.2 The Identification of Security Test Objectives
2.4.3 The Difference Between Information Assurance and Security Testing
2.5 The Scope and Coverage of Security Testing Objectives
2.6 Security Testing Approaches
2.6.1 Analysis of Security Test Approaches
2.6.2 Analysis of Failures in Security Test Approaches
2.6.3 Stakeholder Identification
2.7 Improving the Security Testing Practices
3. SECURITY TESTING PROCESSES
3.1 Security Test Process Definition
3.1.1 ISTQB Security Testing Process
3.1.2 Aligning the Security Testing Process to a Particular Application Life-cycle Model
3.2 Security Test Planning
3.2.1 Security Test Planning Objectives
3.2.2 Key Security Test Plan Elements
3.3 Security Test Design
3.3.1 Security Test Design
3.3.2 Security Test Design Based on Policies and Procedures
3.4 Security Test Execution
3.4.1 Key Elements and Characteristics of an Effective Security Test Environment
3.4.2 The Importance Of Planning and Approvals in Security Testing
3.5 Security Test Evaluation
3.6 Security Test Maintenance
4. SECURITY TESTING THROUGHOUT THE SOFTWARE LIFE-CYCLE
4.1 The Role of Security Testing in a Software Life-cycle
4.1.1 The Life-cycle View of Security Testing
4.1.2 Security-Related Activities in the Software Life-cycle
4.2 The Role of Security Testing in Requirements
4.3 The Role of Security Testing in Design
4.4 The Role of Security Testing in Implementation Activities
4.4.1 Security Testing During Component Testing
4.4.2 Security Test Design at the Component Level
4.4.3 Analysis of Security Tests at the Component Level
4.4.4 Security Testing During Component Integration Testing
4.4.5 Security Test Design at the Component Integration Level
4.5 The Role of Security Testing in System and Acceptance Test Activities
4.5.1 The Role of Security Testing in System Testing
4.5.2 The Role of Security Testing in Acceptance Testing
4.6 The Role of Security Testing in Maintenance
5. TESTING SECURITY MECHANISMS
5.1 System Hardening
5.1.1 Understanding System Hardening
5.1.2 Testing the Effectiveness of System Hardening Mechanisms
5.2 Authentication and Authorization
5.2.1 The Relationship Between Authentication and Authorization
5.2.2 Testing the Effectiveness of Authentication and Authorization Mechanisms
5.3 Encryption
5.3.1 Understanding Encryption
5.3.2 Testing the Effectiveness of Common Encryption Mechanisms
5.4 Firewalls and Network Zones
5.4.1 Understanding Firewalls
5.4.2 Testing Firewall Effectiveness
5.5 Intrusion Detection
5.5.1 Understanding Intrusion Detection Tools
5.5.2 Testing the Effectiveness of Intrusion Detection Tools
5.6 Malware Scanning
5.6.1 Understanding Malware Scanning Tools
5.6.2 Testing the Effectiveness of Malware Scanning Tools
5.7 Data Obfuscation
5.7.1 Understanding Data Obfuscation
5.7.2 Testing the Effectiveness of Data Obfuscation Approaches
5.8 Training
5.8.1 The Importance of Security Training
5.8.2 How to Test the Effectiveness of Security Training
6. HUMAN FACTORS IN SECURITY TESTING
6.1 Understanding the Attackers
6.1.1 The Impact of Human Behavior on Security Risks
6.1.2 Understanding the Attacker Mentality
6.1.3 Common Motivations and Sources of Computer System Attacks
6.1.4 Understanding Attack Scenarios and Motivations
6.2 Social Engineering
6.3 Security Awareness
6.3.1 The Importance Of Security Awareness
6.3.2 Increasing Security Awareness
7. SECURITY TEST EVALUATION AND REPORTING
7.1 Security Test Evaluation
7.2 Security Test Reporting
7.2.1 Confidentiality of Security Test Results
7.2.2 Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status
7.2.3 Analyzing Interim Security Test Status Reports
8. SECURITY TESTING TOOLS
8.1 Types and Purposes of Security Testing Tools
8.2 Tool Selection
8.2.1 Analyzing and Documenting Security Testing Needs
8.2.2 Issues with Open Source Tools
8.2.3 Evaluating a Tool Vendor’s Capabilities
9. STANDARDS AND INDUSTRY TRENDS
9.1 Understanding Security Testing Standards
9.1.1 The Benefits of Using Security Testing Standards
9.1.2 Applicability of Standards in Regulatory Versus Contractual Situations
9.1.3 Selection of Security Standards
9.2 Applying Security Standards
9.3 Industry Trends
9.3.1 Where to Learn of Industry Trends in Information Security
9.3.2 Evaluating Security Testing Practices for Improvements
Instructors
He is an adjunct lecturer at the Department of Software Development at the University of Szeged. In addition to his teaching work, he is also active in research, with numerous studies on software development and testing published in English.His main competency areas include information security, programming, requirements management, and software testing.
Do you have any questions about the training?
Course Administrator
There are a lot of practice exercises. The training was dynamic, but we always took breaks and had time for questions. We managed the timing very well. It's evident that the instructor is experienced.
Zoltán Gyibráki
E.ON Digital Technology Hungary Kft