Book online today or if you need any assistance or help
chosing the right course for you, please call our team on 08000 199337 and
we will help point you in the right direction.
With the ever-increasing numbers of security breaches, both human and machine-based, significantly more understanding is required from testers to ensure that the proper quality assurance measures are in place for assuring the security of IT systems.
Many courses about security testing concentrate solely on the very technical hacking side of things, which is great, but it is not the whole picture. This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:
Lack of adequate defences and testing of the defences that are in place
Defective software in general
A limited view of security and testing
Placing too much trust in technology
Security is an afterthought in most development projects
Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.
Who is it for?
The ISTQB Advanced Security course is for Technical Testers, Security Testers, Security Co-ordinators and Managers, plus testers and test managers who are serious about including security aspects into their test plans or who want to specialise.
What are the benefits of the ISTQB Advanced Security Tester Qualification?
Security of our systems is a real big deal for us all, but how to test they are secure is a bit of a problem. Randy Rice security test expert will talk you through the Advanced Security Tester training course and the benefits it will bring:
Customer Review
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”Chris Jones, Senior Managing Consultant, IBM
A Certificate at ISTQB Foundation level must have been awarded for candidates to sit this course
It is recommended that candidates have at least three-years testing experience before attempting the course and exam.
The Exam
To qualify as an internationally-recognized Certified Advanced Level Security Tester and be issued with an ISTQB® Advanced Level Certificate, delegates must successfully pass the exam administered by the relevant National Board or Examination Provider.
The 2-hour exam contains 45 questions, of which 60% must be answered correctly for a pass to and certificate to be awarded.
If English is not your first language, you can apply for an additional time.
TSG Training will issue Peaarson VUE exam voucher after the course and you can use this to sit your exam at a local test centre.
An exam consisting of 40 multiple choice questions is sat over an hour at the end of the course and (25% extra time is available for non-native speakers or those who primary business language is not English). Delegates are awarded a pass if they answer 65% of the questions correctly.
Course Objectives
This course is aimed at the softer-side of security testing and addresses the following key elements and how we manage them from a testing perspective through the life cycle from inception to delivery, including:
Human lapses
Malicious insiders
Malicious outsiders
Lack of adequate defenses and testing of the defenses that are in place
Defective software in general
A limited view of security and testing
Placing too much trust in technology
Security is an afterthought in most development projects
Lack of awareness at the executive level. Everybody knows cybersecurity is a problem, but very few people know how to deal with the risks and challenges.
Syllabus – Key points
Module 1 – The Basis of Security Testing
Security Risks
Information Security Policies and Procedures
Security Auditing and Its Role in Security Testing.
Module 2 – Security Testing Purposes, Goals and Strategies
Introduction
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
The Scope and Coverage of Security Testing Objectives.
Module 4 – Security Testing Throughout the Software Lifecycle
Role of Security Testing in a Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
The Role of Security Testing in System and Acceptance Test Activities
The Role of Security Testing in Maintenance.
Module 5 – Testing Security Mechanisms
System Hardening
Authentication and Authorization
Encryption
Firewalls and Network Zones
Intrusion Detection
Malware Scanning
Data Obfuscation
Training.
Module 6 – Human Factors in Security Testing
Understanding the Attackers
Social Engineering
Security Awareness.
Module 7 – Security Test Evaluation and Reporting
Security Test Evaluation
Security Test Reporting.
Module 8 – Security Testing Tools
Types and Purposes of Security Testing Tools
Tool Selection.
Module 9 – Standards and Industry Trends
Understanding Security Testing Standards
Applying Security Standards
Industry Trends.
23 reviews for ISTQB Advanced Security Tester
Rated 4 out of 5
Lakshmi Pochampally | Test Lead | Capgemini –
Really good course. Very informative. Only downside is it could have been more interactive like doing some exam questions to promote discussion.
Rated 5 out of 5
miroslav melkner | test lead | solargis –
good explanations, nice examples, thumbs up
Rated 5 out of 5
Dukhbhanjan Jutla | Assoc. Delivery Director – QAT | NTT DATA –
Informative with lots of useful information and examples derived from previous projects
Rated 5 out of 5
Dave Harding | Test Specialist | NHS Digital –
I’ve found this to be a very informative and eye-opening course – John was an excellent trainer and I was very fortunate to be the only participant in this course. Excellent referencing of the course materials and personal experience/references as well to put information into context.
Rated 5 out of 5
Michelle Mabasa| Tester| Storefeeder –
Informative, lots of information to go through though
Rated 4 out of 5
Tomáš Martinec| Verification engineer| Sysgo –
The course was in-depth introduction across all the aspects of security testing. As such it was purposeful. I would appreciate more expert-level course almost solely focusing on discussions and exercises of real-life scenarios with intent of exchanging expert-level know-how.
Rated 5 out of 5
Sheena Pem| Director| Deloitte –
Great and insightful course. It was a heavy amount of content was was presented well over the 4 days. Thanks for John for being a great trainer and bringing the examples to life.
The course was delivered online, which places more responsibility on the trainer to deliver the course material. I much prefer a classroom where you’re focused, have fewer distractions and engage and interact more. Having said that, I do think John delivered the material (which was dense) clearly, was personable, and ensured we were all had the opportunity to ask questions and debate topics.
I enjoyed your training so much and passed the exam first time
Rated 5 out of 5
Chris Jones | Senior Managing Consultant | IBM –
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”
Rated 4 out of 5
Rachel Bell | Senior QA Analyst | Tribal –
The course was run at a good pace with lots of chance for discussion around the exercises. Some of the course was out of date/irrelevant due to being written by an American – it would be good if this could be updated. There were also a few slides that were skimmed over as they were not required for the exam, so perhaps take out. I would have liked some exam practice incorporated into the course/homework so that we could have had a discussion around the answers.
Rated 5 out of 5
Rosie King | Senior QA Analyst | Tribal Group –
John provided lots of useful information. The course was intense but John regularly checked in on us and made sure we were happy as we went along. John treated all questions as important. No question was silly and he explained well. I’ve been on courses before where the content felt like it was purely about getting you to pass an exam – This wasn’t that. I felt like I was learning about security with an exam to come later on and I feel like the course has empowered me in my role.
My only suggestion (which might not be possible depending on license agreements with Randy?) – There were elements in the presentation that were Americanised or assumed knowledge from other Advanced courses. John did a great job to make these more relevant but it would have been good in general to maybe have the presentation itself tweaked slightly.
Rated 4 out of 5
Leigh Sampson | Senior QAA Analyst | Tribal –
John has really good knowledge and gives good real life examples to back up this theory bits.
The course material is based on an American script and some of the word/phases were not UK friendly – I was a little surprised why the slides hadn’t been edited prior to course delivery. There was also a section, which was include, but isn’t needed – I would have expected this to be cut out/trimmed down.
John is really good at adding extra information to the slides whilst presenting (i.e. adding extra text on top of the slide), but unfortunately John was using a digital pen (or something) and his hand writing was really hard to read, which was a real shame, as it added extra value and had some really good points. I don’t know if a different tool would allow John to add this text ad-hoc, but in a way, which is easier to read – especially when revisiting the slides later for revision.
I enjoyed the course and felt that John was a good trainer for this.
I think I could have done with a few more sections where we did questions privately, then reviewed as a group – this was done on the foundation course and I found it worked quite well for me.
I think it was mentioned a few times that the course hasn’t yet been updated (like some of the others have) so it’s not actually in line with bits of the foundation course I’ve done recently – though they’re not huge differences this is a little odd for anyone who’s done foundation recently.
There’s a lot of content for 4 days and not much time for questions around the topics without affecting the time but John did answer questions I had and I’m very grateful for that.
I did struggle a bit with reading John’s writing at times, but I made a lot of notes as he spoke on my hard copy and was able to just check bits I wasn’t so sure on reading back to update my notes appropriately.
Intense 4 days but it’s been full of information and a lot of learning!
Rated 4 out of 5
Joshua Hawkins | QA Tester | Tribal Group PLC –
Course was very detailed but John kept interest by being responsive and knowledgeable.
Rated 5 out of 5
Jasmine Garton | Senior QA Analyst | Tribal –
The course was very intensive, but very informative. My trainer, John, was brilliant – provided us with lots of working examples and useful materials to prepare for the exam, as well as for future use and interest. At times, it felt like information overload, but I think that is to be expected with the amount of information that needs to be covered over a four day period – to try and combat this, John made sure we had lots of breaks at regular intervals to recharge. Overall, really good experience and would recommend, and feel lucky to have had such a kind and welcoming trainer to ease the course!!
Rated 5 out of 5
Claire Penswick|QA Delivery Lead|Channel 4 –
Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and ‘ok’ 🙂
Nader Althubaity | QA Engineer | Saudi Information Tech Company –
The course was very thorough and the instructor very knowledgeable.
Rated 5 out of 5
Mark Whitby | Head of Development and Testing | Health Intelligence Ltd –
I passed the test with a score of 81% which I was really chuffed with as it was a very challenging course and exam, but definitely worth it! I’ve now been on two TSG courses (both with John Young) and Charlie and Laura have both done one each and we have all loved them and had only positive comments to make on them.
A Pearson VUE exam voucher enables you to book and sit your exam at your local Pearson VUE testing centre at a time and date convenient to you. Pearson VUE centres are worldwide, and you will be able to choose the closest testing centre to you. You then go along to the test centre with your photo ID at the specified date and time and you will then take an electronic exam. Your exam voucher will have an expiration date and your exam must be sat before this date as these vouchers cannot be extended.
Online Exams The remote web proctor solution allows you to take your exams online, using a webcam, microphone and a stable internet connection. You can schedule your exam in advance, at a date and time of your choice. At the agreed time you will connect with a proctor who will invigilate your exam live. View More info here https://tinyurl.com/mr22kry9
A Pearson VUE exam voucher A pearson VUE exam voucher enables you to book and sit your exam at your local Pearson VUE testing centre at a time and date convenient to you. Pearson VUE centres are worldwide, and you will be able to choose the closest testing centre to you. View More info here https://tinyurl.com/2mhn5ust
E-learning is s training, learning, or education delivered online through a computer or any other digital device, where you can work through the course at your own pace.
If you are attending a classroom course, then this will be taken at our many training centres within the UK. Our London location is Minories London EC3N 1BJ
Virtual classroom is like being in a classroom where students gather, except you will be in your home, office, or other place of your choice.
Enquire Now
At TSG Training, we know that preparing for an exam can be a stressful endeavour. That’s why we offer a unique promise to our customers – if you don’t pass your software testing course exam the first time around, you can take one subsequent course at no cost! Exam re-takes are chargeable
Lakshmi Pochampally | Test Lead | Capgemini –
Really good course. Very informative. Only downside is it could have been more interactive like doing some exam questions to promote discussion.
miroslav melkner | test lead | solargis –
good explanations, nice examples, thumbs up
Dukhbhanjan Jutla | Assoc. Delivery Director – QAT | NTT DATA –
Informative with lots of useful information and examples derived from previous projects
Dave Harding | Test Specialist | NHS Digital –
I’ve found this to be a very informative and eye-opening course – John was an excellent trainer and I was very fortunate to be the only participant in this course. Excellent referencing of the course materials and personal experience/references as well to put information into context.
Michelle Mabasa| Tester| Storefeeder –
Informative, lots of information to go through though
Tomáš Martinec| Verification engineer| Sysgo –
The course was in-depth introduction across all the aspects of security testing. As such it was purposeful. I would appreciate more expert-level course almost solely focusing on discussions and exercises of real-life scenarios with intent of exchanging expert-level know-how.
Sheena Pem| Director| Deloitte –
Great and insightful course. It was a heavy amount of content was was presented well over the 4 days. Thanks for John for being a great trainer and bringing the examples to life.
Sandra Kasa|QA Pruduct Tester trainee|SupplyPoint –
Very well put together & delivered.
Kerry Chant|Senior Software Tester|MASS –
The course was delivered online, which places more responsibility on the trainer to deliver the course material. I much prefer a classroom where you’re focused, have fewer distractions and engage and interact more. Having said that, I do think John delivered the material (which was dense) clearly, was personable, and ensured we were all had the opportunity to ask questions and debate topics.
Jackie Fletcher|Test Manager|Education Skills Funding Agency –
Very compressive and well taught
Luiza Precup| YOTI –
I enjoyed your training so much and passed the exam first time
Chris Jones | Senior Managing Consultant | IBM –
“I thought ISTQB Advanced Security Tester was an excellent course that covered the syllabus well and in an interesting and engaging way. Having one of the authors of the ISTQB syllabus (Randall Rice) present the training content that he personally developed was a great bonus of course, and his enthusiasm for the topic was refreshing. The syllabus and course are a good bridge between the worlds of testing (as taught by ISTQB) and the technical world of penetration testing, without going in to the depths required by a pure security qualification like CISSP. I would certainly be looking to put other people through the course in the future”
Rachel Bell | Senior QA Analyst | Tribal –
The course was run at a good pace with lots of chance for discussion around the exercises. Some of the course was out of date/irrelevant due to being written by an American – it would be good if this could be updated. There were also a few slides that were skimmed over as they were not required for the exam, so perhaps take out. I would have liked some exam practice incorporated into the course/homework so that we could have had a discussion around the answers.
Rosie King | Senior QA Analyst | Tribal Group –
John provided lots of useful information. The course was intense but John regularly checked in on us and made sure we were happy as we went along. John treated all questions as important. No question was silly and he explained well. I’ve been on courses before where the content felt like it was purely about getting you to pass an exam – This wasn’t that. I felt like I was learning about security with an exam to come later on and I feel like the course has empowered me in my role.
My only suggestion (which might not be possible depending on license agreements with Randy?) – There were elements in the presentation that were Americanised or assumed knowledge from other Advanced courses. John did a great job to make these more relevant but it would have been good in general to maybe have the presentation itself tweaked slightly.
Leigh Sampson | Senior QAA Analyst | Tribal –
John has really good knowledge and gives good real life examples to back up this theory bits.
The course material is based on an American script and some of the word/phases were not UK friendly – I was a little surprised why the slides hadn’t been edited prior to course delivery. There was also a section, which was include, but isn’t needed – I would have expected this to be cut out/trimmed down.
John is really good at adding extra information to the slides whilst presenting (i.e. adding extra text on top of the slide), but unfortunately John was using a digital pen (or something) and his hand writing was really hard to read, which was a real shame, as it added extra value and had some really good points. I don’t know if a different tool would allow John to add this text ad-hoc, but in a way, which is easier to read – especially when revisiting the slides later for revision.
I enjoyed the course and felt that John was a good trainer for this.
Millicent Stockdale | Software Tester | Future Facilities –
Course was very dense but informative. It was delivered in a easy to comsue way by a knowledgable trainer
Susannah Nicole Roberts | Senior Quality Assurance Analyst | Tribal –
I think I could have done with a few more sections where we did questions privately, then reviewed as a group – this was done on the foundation course and I found it worked quite well for me.
I think it was mentioned a few times that the course hasn’t yet been updated (like some of the others have) so it’s not actually in line with bits of the foundation course I’ve done recently – though they’re not huge differences this is a little odd for anyone who’s done foundation recently.
There’s a lot of content for 4 days and not much time for questions around the topics without affecting the time but John did answer questions I had and I’m very grateful for that.
I did struggle a bit with reading John’s writing at times, but I made a lot of notes as he spoke on my hard copy and was able to just check bits I wasn’t so sure on reading back to update my notes appropriately.
Intense 4 days but it’s been full of information and a lot of learning!
Joshua Hawkins | QA Tester | Tribal Group PLC –
Course was very detailed but John kept interest by being responsive and knowledgeable.
Jasmine Garton | Senior QA Analyst | Tribal –
The course was very intensive, but very informative. My trainer, John, was brilliant – provided us with lots of working examples and useful materials to prepare for the exam, as well as for future use and interest. At times, it felt like information overload, but I think that is to be expected with the amount of information that needs to be covered over a four day period – to try and combat this, John made sure we had lots of breaks at regular intervals to recharge. Overall, really good experience and would recommend, and feel lucky to have had such a kind and welcoming trainer to ease the course!!
Claire Penswick|QA Delivery Lead|Channel 4 –
Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and ‘ok’ 🙂
Eivind Berntsen|Test lead|Nordic Semiconductor ASA –
good but would have preferde on site training
Nader Althubaity | QA Engineer | Saudi Information Tech Company –
The course was very thorough and the instructor very knowledgeable.
Mark Whitby | Head of Development and Testing | Health Intelligence Ltd –
I passed the test with a score of 81% which I was really chuffed with as it was a very challenging course and exam, but definitely worth it! I’ve now been on two TSG courses (both with John Young) and Charlie and Laura have both done one each and we have all loved them and had only positive comments to make on them.