Call us on  08000 199337 From overseas call +44 20 7264 2185

IT Security Courses

ISTQB Advanced Security Tester

Course Duration: 4 days

Book online today or if you need any assistance or help chosing the right course for you, please call our team on 08000 199337 and we will help point you in the right direction.

Virtual

Course Duration: 4 days

From +Vat

View dates and book

Private Course: Click Here

Classroom

Course Duration: 4 days

From +Vat

View dates and book

Private Course: Click Here

Course Overview

With the ever-increasing numbers of security breaches, both human and machine-based, significantly more understanding is required from testers to ensure that the proper quality assurance measures are in place for assuring the security of IT systems.

Many courses about security testing concentrate solely on the very technical hacking side of things, which is great, but it is not the whole picture. This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:

Read More

  • Human lapses
  • Malicious insiders
  • Malicious outsiders
  • Lack of adequate defences and testing of the defences that are in place
  • Defective software in general
  • A limited view of security and testing
  • Placing too much trust in technology
  • Security is an afterthought in most development projects
  • Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.

 

Who is it for?

The ISTQB Advanced Security course is for Technical Testers, Security Testers, Security Co-ordinators and Managers, plus testers and test managers who are serious about including security aspects into their test plans or who want to specialise.

What are the benefits of the ISTQB Advanced Security Tester Qualification?

Security of our systems is a real big deal for us all, but how to test they are secure is a bit of a problem. Randy Rice security test expert will talk you through the Advanced Security Tester training course and the benefits it will bring:

Customer Review

“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”Chris Jones, Senior Managing Consultant, IBM

Read Less

Entry Requirements

  • A Certificate at ISTQB Foundation level must have been awarded for candidates to sit this course
  • It is recommended that candidates have at least three-years testing experience before attempting the course and exam.

The Exam

To qualify as an internationally-recognized Certified Advanced Level Security Tester and be issued with an ISTQB® Advanced Level Certificate, delegates must successfully pass the exam administered by the relevant National Board or Examination Provider.

The 2-hour exam contains 45 questions, of which 60% must be answered correctly for a pass to and certificate to be awarded.

If English is not your first language, you can apply for an additional time.

TSG Training will issue Peaarson VUE exam voucher after the course and you can use this to sit your exam at a local test centre.

An exam consisting of 40 multiple choice questions is sat over an hour at the end of the course and (25% extra time is available for non-native speakers or those who primary business language is not English). Delegates are awarded a pass if they answer 65% of the questions correctly.

Course Objectives

This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:

  • Human lapses
  • Malicious insiders
  • Malicious outsiders
  • Lack of adequate defenses and testing of the defenses that are in place
  • Defective software in general
  • A limited view of security and testing
  • Placing too much trust in technology
  • Security is an afterthought in most development projects
  • Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.

Syllabus – Key points

Module 1 – The Basis of Security Testing

  • Security Risks
  • Information Security Policies and Procedures
  • Security Auditing and Its Role in Security Testing.

Module 2 – Security Testing Purposes, Goals and Strategies

  • Introduction
  • The Purpose of Security Testing
  • The Organizational Context
  • Security Testing Objectives
  • The Scope and Coverage of Security Testing Objectives.
  • Security Testing Approaches
  • Improving the Security Testing Practices
  • ISTQB Advanced Security Tester Certification Course.

Module 3 – Security Testing Processes

  • Security Test Process Definition
  • Security Test Planning
  • Security Test Design
  • Security Test Execution
  • Security Test Evaluation
  • Security Test Maintenance.

Module 4 – Security Testing Throughout the Software Lifecycle

  • Role of Security Testing in a Software Lifecycle
  • The Role of Security Testing in Requirements
  • The Role of Security Testing in Design
  • The Role of Security Testing in Implementation Activities
  • The Role of Security Testing in System and Acceptance Test Activities
  • The Role of Security Testing in Maintenance.

Module 5 – Testing Security Mechanisms

  • System Hardening
  • Authentication and Authorization
  • Encryption
  • Firewalls and Network Zones
  • Intrusion Detection
  • Malware Scanning
  • Data Obfuscation
  • Training.

Module 6 – Human Factors in Security Testing

  • Understanding the Attackers
  • Social Engineering
  • Security Awareness.

Module 7 – Security Test Evaluation and Reporting

  • Security Test Evaluation
  • Security Test Reporting.

Module 8 – Security Testing Tools

  • Types and Purposes of Security Testing Tools
  • Tool Selection.

Module 9 – Standards and Industry Trends

  • Understanding Security Testing Standards
  • Applying Security Standards
  • Industry Trends.

16 reviews for ISTQB Advanced Security Tester

  1. Rachel Bell | Senior QA Analyst | Tribal

    The course was run at a good pace with lots of chance for discussion around the exercises. Some of the course was out of date/irrelevant due to being written by an American – it would be good if this could be updated. There were also a few slides that were skimmed over as they were not required for the exam, so perhaps take out. I would have liked some exam practice incorporated into the course/homework so that we could have had a discussion around the answers.

  2. Rosie King | Senior QA Analyst | Tribal Group

    John provided lots of useful information. The course was intense but John regularly checked in on us and made sure we were happy as we went along. John treated all questions as important. No question was silly and he explained well. I’ve been on courses before where the content felt like it was purely about getting you to pass an exam – This wasn’t that. I felt like I was learning about security with an exam to come later on and I feel like the course has empowered me in my role.

    My only suggestion (which might not be possible depending on license agreements with Randy?) – There were elements in the presentation that were Americanised or assumed knowledge from other Advanced courses. John did a great job to make these more relevant but it would have been good in general to maybe have the presentation itself tweaked slightly.

  3. Leigh Sampson | Senior QAA Analyst | Tribal

    John has really good knowledge and gives good real life examples to back up this theory bits.
    The course material is based on an American script and some of the word/phases were not UK friendly – I was a little surprised why the slides hadn’t been edited prior to course delivery. There was also a section, which was include, but isn’t needed – I would have expected this to be cut out/trimmed down.
    John is really good at adding extra information to the slides whilst presenting (i.e. adding extra text on top of the slide), but unfortunately John was using a digital pen (or something) and his hand writing was really hard to read, which was a real shame, as it added extra value and had some really good points. I don’t know if a different tool would allow John to add this text ad-hoc, but in a way, which is easier to read – especially when revisiting the slides later for revision.
    I enjoyed the course and felt that John was a good trainer for this.

  4. Millicent Stockdale | Software Tester | Future Facilities

    Course was very dense but informative. It was delivered in a easy to comsue way by a knowledgable trainer

  5. Susannah Nicole Roberts | Senior Quality Assurance Analyst | Tribal

    I think I could have done with a few more sections where we did questions privately, then reviewed as a group – this was done on the foundation course and I found it worked quite well for me.
    I think it was mentioned a few times that the course hasn’t yet been updated (like some of the others have) so it’s not actually in line with bits of the foundation course I’ve done recently – though they’re not huge differences this is a little odd for anyone who’s done foundation recently.
    There’s a lot of content for 4 days and not much time for questions around the topics without affecting the time but John did answer questions I had and I’m very grateful for that.
    I did struggle a bit with reading John’s writing at times, but I made a lot of notes as he spoke on my hard copy and was able to just check bits I wasn’t so sure on reading back to update my notes appropriately.
    Intense 4 days but it’s been full of information and a lot of learning!

  6. Joshua Hawkins | QA Tester | Tribal Group PLC

    Course was very detailed but John kept interest by being responsive and knowledgeable.

  7. Jasmine Garton | Senior QA Analyst | Tribal

    The course was very intensive, but very informative. My trainer, John, was brilliant – provided us with lots of working examples and useful materials to prepare for the exam, as well as for future use and interest. At times, it felt like information overload, but I think that is to be expected with the amount of information that needs to be covered over a four day period – to try and combat this, John made sure we had lots of breaks at regular intervals to recharge. Overall, really good experience and would recommend, and feel lucky to have had such a kind and welcoming trainer to ease the course!!

  8. Eivind Berntsen|Test lead|Nordic Semiconductor ASA

    good but would have preferde on site training

  9. Claire Penswick|QA Delivery Lead|Channel 4

    Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and ‘ok’ 🙂

  10. Nader Althubaity | QA Engineer | Saudi Information Tech Company

    The course was very thorough and the instructor very knowledgeable.

  11. Mark Whitby | Head of Development and Testing | Health Intelligence Ltd

    I passed the test with a score of 81% which I was really chuffed with as it was a very challenging course and exam, but definitely worth it! I’ve now been on two TSG courses (both with John Young) and Charlie and Laura have both done one each and we have all loved them and had only positive comments to make on them.

  12. Sandra Kasa|QA Pruduct Tester trainee|SupplyPoint

    Very well put together & delivered.

  13. Kerry Chant|Senior Software Tester|MASS

    The course was delivered online, which places more responsibility on the trainer to deliver the course material. I much prefer a classroom where you’re focused, have fewer distractions and engage and interact more. Having said that, I do think John delivered the material (which was dense) clearly, was personable, and ensured we were all had the opportunity to ask questions and debate topics.

  14. Jackie Fletcher|Test Manager|Education Skills Funding Agency

    Very compressive and well taught

  15. Luiza Precup| YOTI

    I enjoyed your training so much and passed the exam first time

  16. Chris Jones | Senior Managing Consultant | IBM

    “I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”

Add a review

Course dates

Start DateExam IncludedPrice (excl VAT)Qty 
Start Date: Jul 04, 2022Exam Included: Course + Pearson VUE ExamPrice (excl VAT):

£1,350.00

Quantity:
Exam Included: Course + Online ExamPrice (excl VAT):

£1,400.00

Quantity:
Start Date: Sep 05, 2022Exam Included: Course + Pearson VUE ExamPrice (excl VAT):

£1,350.00

Quantity:
Exam Included: Course + Online ExamPrice (excl VAT):

£1,400.00

Quantity:
Start Date: Oct 31, 2022Exam Included: Course + Pearson VUE ExamPrice (excl VAT):

£1,350.00

Quantity:
Exam Included: Course + Online ExamPrice (excl VAT):

£1,400.00

Quantity:
Clear

Frequently asked questions

A Pearson VUE exam voucher enables you to book and sit your exam at your local Pearson VUE testing centre at a time and date convenient to you.  Pearson VUE centres are worldwide, and you will be able to choose the closest testing centre to you. You then go along to the test centre with your photo ID at the specified date and time and you will then take an electronic exam. Your exam voucher will have an expiration date and your exam must be sat before this date as these vouchers cannot be extended.

Rated 4.75 out of 5
(Based on 16 customer reviews)