ISTQB® Certified Tester Advanced Level - Security Tester

Click the image to enlarge

The ISTQB® Advanced Level Security Tester qualification is aimed at people who have already achieved an advanced point in their careers in software testing and wish to develop further their expertise in security testing. The modules offered at the Advanced Level cover a wide range of testing topics.

An ISTQB® Advanced Security Tester should have detailed knowledge of security risks, vulnerabilities and defences in order to create and perform tests that validate the effectiveness of existing and new security defences in a given context.

Value for Organisation

  • Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based
  • Align security test activities with project lifecycle activities
  • Help the organisation build information security awareness
  • Identify areas where additional or enhanced security testing may be needed

Value for Candidate

  • Evaluate the existing security test suite and identify any additional security tests like vulnerability scanning and penetration testing
  • Analyse a given set of security policies and procedures, along with security test results, to determine effectiveness of system hardening, data privacy and information security
  • Identify security test objectives based on functionality, technology attributes and known vulnerabilities like cross-site scripting, data obfuscation, denial of service
  • Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform (Like account harvesting and password cracking) and understand how evidence of the attack could be deleted