Book online today or if you need any assistance or help
choosing the right course for you, please call our team on 08000 199337 and
we will help point you in the right direction.
With the ever-increasing numbers of security breaches, both human and machine-based, significantly more understanding is required from testers to ensure that the proper quality assurance measures are in place for assuring the security of IT systems.
Many courses about security testing concentrate solely on the very technical hacking side of things, which is great, but it is not the whole picture. This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:
Lack of adequate defences and testing of the defences that are in place
Defective software in general
A limited view of security and testing
Placing too much trust in technology
Security is an afterthought in most development projects
Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.
Who is the course for?
The ISTQB Advanced Security Tester Course is for Technical Testers, Security Testers, Security Co-ordinators and Managers, plus testers and test managers who are serious about including security aspects into their test plans or who want to specialise.
E-Learning Course
What’s Included?
Three months of unlimited access to the online course
A downloadable electronic copy of the complete set of course materials. No expiration to access. Digital rights management and intellectual property rights protections apply.
Sample exam questions throughout the course
ISTQB Advanced Security Tester Syllabus and the glossary of terms used in Software Testing produced by members of the ISTQB
Examples and exercises including solutions
Next Steps: Follow-on Courses After ISTQB Advanced Security Tester Course
After achieving the ISTQB Advanced Security Tester certification, you’re prepared to take the next step in your software testing career by exploring further modules within the Certified Tester Scheme.
Core Stream Modules
These modules are technology, methodology, and application domain-agnostic, building directly on the knowledge acquired at the Foundation Level.
Agile Stream
Tailored for those working in or transitioning to Agile environments, this stream emphasizes testing practices and principles within the Agile methodology.
Specialist Stream
For those looking to specialise further, this stream offers courses focusing on specific quality characteristics, test approaches, test activities, or industry-specific testing knowledge.
Holders of the ISTQB Advanced Security Tester certification are encouraged to explore these options to stay current with the latest practices and to enhance their professional development in the field of software testing and QA.
What are the benefits of the ISTQB Advanced Security Tester Qualification?
Security of our systems is a real big deal for us all, but how to test they are secure is a bit of a problem. Randy Rice security test expert will talk you through the Advanced Security Tester training course and the benefits it will bring:
Customer Review
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”Chris Jones, Senior Managing Consultant, IBM
A Certificate at ISTQB Foundation level must have been awarded for candidates to sit this course
It is recommended that candidates have at least three-years testing experience before attempting the course and exam.
The Exam
To qualify as an internationally-recognized Certified Advanced Level Security Tester and be issued with an ISTQB® Advanced Level Certificate, delegates must successfully pass the exam administered by the relevant National Board or Examination Provider.
The 2-hour exam contains 45 questions, of which 60% must be answered correctly for a pass to and certificate to be awarded.
If English is not your first language, you can apply for an additional time.
TSG Training will issue Peaarson VUE exam voucher after the course and you can use this to sit your exam at a local test centre.
An exam consisting of 40 multiple choice questions is sat over an hour at the end of the course and (25% extra time is available for non-native speakers or those who primary business language is not English). Delegates are awarded a pass if they answer 65% of the questions correctly.
Course Objectives
This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:
Human lapses
Malicious insiders
Malicious outsiders
Lack of adequate defenses and testing of the defenses that are in place
Defective software in general
A limited view of security and testing
Placing too much trust in technology
Security is an afterthought in most development projects
Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.
ISTQB Security Tester Syllabus – Key points
Module 1 – The Basis of Security Testing
Security Risks
Information Security Policies and Procedures
Security Auditing and Its Role in Security Testing.
Module 2 – Security Testing Purposes, Goals and Strategies
Introduction
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
The Scope and Coverage of Security Testing Objectives.
Module 4 – Security Testing Throughout the Software Lifecycle
Role of Security Testing in a Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
The Role of Security Testing in System and Acceptance Test Activities
The Role of Security Testing in Maintenance.
Module 5 – Testing Security Mechanisms
System Hardening
Authentication and Authorization
Encryption
Firewalls and Network Zones
Intrusion Detection
Malware Scanning
Data Obfuscation
Training.
Module 6 – Human Factors in Security Testing
Understanding the Attackers
Social Engineering
Security Awareness.
Module 7 – Security Test Evaluation and Reporting
Security Test Evaluation
Security Test Reporting.
Module 8 – Security Testing Tools
Types and Purposes of Security Testing Tools
Tool Selection.
Module 9 – Standards and Industry Trends
Understanding Security Testing Standards
Applying Security Standards
Industry Trends.
FAQ’s
Who should take the ISTQB Advanced Security Tester course?
The course is designed for individuals with a serious interest in integrating security testing within their quality assurance process. This includes technical testers, security testers, security coordinators, security managers, as well as test managers who wish to understand or specialise in security testing.
What prerequisites are required for the ISTQB Advanced Security Tester course?
Candidates are expected to have an ISTQB Foundation Level certificate and at least three years of professional testing experience before enrolling in this Advanced course to ensure they can fully grasp the complex content covered.
What are the benefits of obtaining the ISTQB Advanced Security Tester Qualification?
Gaining this qualification will deepen your understanding of security testing within the software lifecycle, improve your ability to identify and mitigate security risks, and demonstrate a commitment to the field of security testing, therefore enhancing your professional credibility and career opportunities.
What is the format of the ISTQB Advanced Security Tester exam?
The exam lasts for two hours and consists of 45 multiple-choice questions. To pass, candidates must score at least 60%. For those who do not use English as their first language, or if it is not their primary business language, extra time may be requested. TSG Training offers the exam in the form of a Pearson VUE voucher or as a online proctor exam.
Does the course include practical exercises and real-world examples?
Yes, the ISTQB Advanced Security Tester course combines theoretical learning with practical exercises. Reviews indicate that instructors provide valuable information, practical examples, and real-life scenarios to help bridge the gap between theoretical knowledge and its real-world application.
23 reviews for ISTQB Advanced Security Tester
Rated 4 out of 5
Lakshmi Pochampally | Test Lead | Capgemini –
Really good course. Very informative. Only downside is it could have been more interactive like doing some exam questions to promote discussion.
Rated 5 out of 5
miroslav melkner | test lead | solargis –
good explanations, nice examples, thumbs up
Rated 5 out of 5
Dukhbhanjan Jutla | Assoc. Delivery Director – QAT | NTT DATA –
Informative with lots of useful information and examples derived from previous projects
Rated 4 out of 5
Rachel Bell | Senior QA Analyst | Tribal –
The course was run at a good pace with lots of chance for discussion around the exercises. Some of the course was out of date/irrelevant due to being written by an American – it would be good if this could be updated. There were also a few slides that were skimmed over as they were not required for the exam, so perhaps take out. I would have liked some exam practice incorporated into the course/homework so that we could have had a discussion around the answers.
Rated 5 out of 5
Rosie King | Senior QA Analyst | Tribal Group –
John provided lots of useful information. The course was intense but John regularly checked in on us and made sure we were happy as we went along. John treated all questions as important. No question was silly and he explained well. I’ve been on courses before where the content felt like it was purely about getting you to pass an exam – This wasn’t that. I felt like I was learning about security with an exam to come later on and I feel like the course has empowered me in my role.
My only suggestion (which might not be possible depending on license agreements with Randy?) – There were elements in the presentation that were Americanised or assumed knowledge from other Advanced courses. John did a great job to make these more relevant but it would have been good in general to maybe have the presentation itself tweaked slightly.
Rated 4 out of 5
Leigh Sampson | Senior QAA Analyst | Tribal –
John has really good knowledge and gives good real life examples to back up this theory bits.
The course material is based on an American script and some of the word/phases were not UK friendly – I was a little surprised why the slides hadn’t been edited prior to course delivery. There was also a section, which was include, but isn’t needed – I would have expected this to be cut out/trimmed down.
John is really good at adding extra information to the slides whilst presenting (i.e. adding extra text on top of the slide), but unfortunately John was using a digital pen (or something) and his hand writing was really hard to read, which was a real shame, as it added extra value and had some really good points. I don’t know if a different tool would allow John to add this text ad-hoc, but in a way, which is easier to read – especially when revisiting the slides later for revision.
I enjoyed the course and felt that John was a good trainer for this.
I think I could have done with a few more sections where we did questions privately, then reviewed as a group – this was done on the foundation course and I found it worked quite well for me.
I think it was mentioned a few times that the course hasn’t yet been updated (like some of the others have) so it’s not actually in line with bits of the foundation course I’ve done recently – though they’re not huge differences this is a little odd for anyone who’s done foundation recently.
There’s a lot of content for 4 days and not much time for questions around the topics without affecting the time but John did answer questions I had and I’m very grateful for that.
I did struggle a bit with reading John’s writing at times, but I made a lot of notes as he spoke on my hard copy and was able to just check bits I wasn’t so sure on reading back to update my notes appropriately.
Intense 4 days but it’s been full of information and a lot of learning!
Rated 4 out of 5
Joshua Hawkins | QA Tester | Tribal Group PLC –
Course was very detailed but John kept interest by being responsive and knowledgeable.
Rated 5 out of 5
Jasmine Garton | Senior QA Analyst | Tribal –
The course was very intensive, but very informative. My trainer, John, was brilliant – provided us with lots of working examples and useful materials to prepare for the exam, as well as for future use and interest. At times, it felt like information overload, but I think that is to be expected with the amount of information that needs to be covered over a four day period – to try and combat this, John made sure we had lots of breaks at regular intervals to recharge. Overall, really good experience and would recommend, and feel lucky to have had such a kind and welcoming trainer to ease the course!!
Rated 5 out of 5
Dave Harding | Test Specialist | NHS Digital –
I’ve found this to be a very informative and eye-opening course – John was an excellent trainer and I was very fortunate to be the only participant in this course. Excellent referencing of the course materials and personal experience/references as well to put information into context.
Rated 5 out of 5
Michelle Mabasa| Tester| Storefeeder –
Informative, lots of information to go through though
Rated 4 out of 5
Tomáš Martinec| Verification engineer| Sysgo –
The course was in-depth introduction across all the aspects of security testing. As such it was purposeful. I would appreciate more expert-level course almost solely focusing on discussions and exercises of real-life scenarios with intent of exchanging expert-level know-how.
Rated 5 out of 5
Sheena Pem| Director| Deloitte –
Great and insightful course. It was a heavy amount of content was was presented well over the 4 days. Thanks for John for being a great trainer and bringing the examples to life.
Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and ‘ok’ 🙂
Rated 5 out of 5
Nader Althubaity | QA Engineer | Saudi Information Tech Company –
The course was very thorough and the instructor very knowledgeable.
Rated 5 out of 5
Mark Whitby | Head of Development and Testing | Health Intelligence Ltd –
I passed the test with a score of 81% which I was really chuffed with as it was a very challenging course and exam, but definitely worth it! I’ve now been on two TSG courses (both with John Young) and Charlie and Laura have both done one each and we have all loved them and had only positive comments to make on them.
The course was delivered online, which places more responsibility on the trainer to deliver the course material. I much prefer a classroom where you’re focused, have fewer distractions and engage and interact more. Having said that, I do think John delivered the material (which was dense) clearly, was personable, and ensured we were all had the opportunity to ask questions and debate topics.
I enjoyed your training so much and passed the exam first time
Rated 5 out of 5
Chris Jones | Senior Managing Consultant | IBM –
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”
If you are attending a classroom course, then this will be taken at our many training centres within the UK. Our London location is Minories London EC3N 1BJ
E-learning is s training, learning, or education delivered online through a computer or any other digital device, where you can work through the course at your own pace.
Online Exams The remote web proctor solution allows you to take your exams online, using a webcam, microphone and a stable internet connection. You can schedule your exam in advance, at a date and time of your choice. At the agreed time you will connect with a proctor who will invigilate your exam live. View More info here https://tinyurl.com/mr22kry9
A Pearson VUE exam voucher A pearson VUE exam voucher enables you to book and sit your exam at your local Pearson VUE testing centre at a time and date convenient to you. Pearson VUE centres are worldwide, and you will be able to choose the closest testing centre to you. View More info here https://tinyurl.com/2mhn5ust
Virtual classroom is like being in a classroom where students gather, except you will be in your home, office, or other place of your choice.
Pass Protect, offered by TSG Training, is a valuable option for those concerned about the possibility of not passing their exam on the first attempt. It acts like an insurance policy, allowing you to resit your exam at a significantly reduced rate. Pass Protect covers one resit per exam purchased, so you don’t have to worry about the cost of an additional attempt if you don’t pass initially.
Enquire Now
Wait! Before You Leave.
How can we help?
Would you like to know more? Click here to arrange a call back with one of our business development managers. They will be able to discuss the course with you and answer any questions you have.
Lakshmi Pochampally | Test Lead | Capgemini –
Really good course. Very informative. Only downside is it could have been more interactive like doing some exam questions to promote discussion.
miroslav melkner | test lead | solargis –
good explanations, nice examples, thumbs up
Dukhbhanjan Jutla | Assoc. Delivery Director – QAT | NTT DATA –
Informative with lots of useful information and examples derived from previous projects
Rachel Bell | Senior QA Analyst | Tribal –
The course was run at a good pace with lots of chance for discussion around the exercises. Some of the course was out of date/irrelevant due to being written by an American – it would be good if this could be updated. There were also a few slides that were skimmed over as they were not required for the exam, so perhaps take out. I would have liked some exam practice incorporated into the course/homework so that we could have had a discussion around the answers.
Rosie King | Senior QA Analyst | Tribal Group –
John provided lots of useful information. The course was intense but John regularly checked in on us and made sure we were happy as we went along. John treated all questions as important. No question was silly and he explained well. I’ve been on courses before where the content felt like it was purely about getting you to pass an exam – This wasn’t that. I felt like I was learning about security with an exam to come later on and I feel like the course has empowered me in my role.
My only suggestion (which might not be possible depending on license agreements with Randy?) – There were elements in the presentation that were Americanised or assumed knowledge from other Advanced courses. John did a great job to make these more relevant but it would have been good in general to maybe have the presentation itself tweaked slightly.
Leigh Sampson | Senior QAA Analyst | Tribal –
John has really good knowledge and gives good real life examples to back up this theory bits.
The course material is based on an American script and some of the word/phases were not UK friendly – I was a little surprised why the slides hadn’t been edited prior to course delivery. There was also a section, which was include, but isn’t needed – I would have expected this to be cut out/trimmed down.
John is really good at adding extra information to the slides whilst presenting (i.e. adding extra text on top of the slide), but unfortunately John was using a digital pen (or something) and his hand writing was really hard to read, which was a real shame, as it added extra value and had some really good points. I don’t know if a different tool would allow John to add this text ad-hoc, but in a way, which is easier to read – especially when revisiting the slides later for revision.
I enjoyed the course and felt that John was a good trainer for this.
Millicent Stockdale | Software Tester | Future Facilities –
Course was very dense but informative. It was delivered in a easy to comsue way by a knowledgable trainer
Susannah Nicole Roberts | Senior Quality Assurance Analyst | Tribal –
I think I could have done with a few more sections where we did questions privately, then reviewed as a group – this was done on the foundation course and I found it worked quite well for me.
I think it was mentioned a few times that the course hasn’t yet been updated (like some of the others have) so it’s not actually in line with bits of the foundation course I’ve done recently – though they’re not huge differences this is a little odd for anyone who’s done foundation recently.
There’s a lot of content for 4 days and not much time for questions around the topics without affecting the time but John did answer questions I had and I’m very grateful for that.
I did struggle a bit with reading John’s writing at times, but I made a lot of notes as he spoke on my hard copy and was able to just check bits I wasn’t so sure on reading back to update my notes appropriately.
Intense 4 days but it’s been full of information and a lot of learning!
Joshua Hawkins | QA Tester | Tribal Group PLC –
Course was very detailed but John kept interest by being responsive and knowledgeable.
Jasmine Garton | Senior QA Analyst | Tribal –
The course was very intensive, but very informative. My trainer, John, was brilliant – provided us with lots of working examples and useful materials to prepare for the exam, as well as for future use and interest. At times, it felt like information overload, but I think that is to be expected with the amount of information that needs to be covered over a four day period – to try and combat this, John made sure we had lots of breaks at regular intervals to recharge. Overall, really good experience and would recommend, and feel lucky to have had such a kind and welcoming trainer to ease the course!!
Dave Harding | Test Specialist | NHS Digital –
I’ve found this to be a very informative and eye-opening course – John was an excellent trainer and I was very fortunate to be the only participant in this course. Excellent referencing of the course materials and personal experience/references as well to put information into context.
Michelle Mabasa| Tester| Storefeeder –
Informative, lots of information to go through though
Tomáš Martinec| Verification engineer| Sysgo –
The course was in-depth introduction across all the aspects of security testing. As such it was purposeful. I would appreciate more expert-level course almost solely focusing on discussions and exercises of real-life scenarios with intent of exchanging expert-level know-how.
Sheena Pem| Director| Deloitte –
Great and insightful course. It was a heavy amount of content was was presented well over the 4 days. Thanks for John for being a great trainer and bringing the examples to life.
Eivind Berntsen|Test lead|Nordic Semiconductor ASA –
good but would have preferde on site training
Claire Penswick|QA Delivery Lead|Channel 4 –
Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and ‘ok’ 🙂
Nader Althubaity | QA Engineer | Saudi Information Tech Company –
The course was very thorough and the instructor very knowledgeable.
Mark Whitby | Head of Development and Testing | Health Intelligence Ltd –
I passed the test with a score of 81% which I was really chuffed with as it was a very challenging course and exam, but definitely worth it! I’ve now been on two TSG courses (both with John Young) and Charlie and Laura have both done one each and we have all loved them and had only positive comments to make on them.
Sandra Kasa|QA Pruduct Tester trainee|SupplyPoint –
Very well put together & delivered.
Kerry Chant|Senior Software Tester|MASS –
The course was delivered online, which places more responsibility on the trainer to deliver the course material. I much prefer a classroom where you’re focused, have fewer distractions and engage and interact more. Having said that, I do think John delivered the material (which was dense) clearly, was personable, and ensured we were all had the opportunity to ask questions and debate topics.
Jackie Fletcher|Test Manager|Education Skills Funding Agency –
Very compressive and well taught
Luiza Precup| YOTI –
I enjoyed your training so much and passed the exam first time
Chris Jones | Senior Managing Consultant | IBM –
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”