1. Home
  2. ISTQB Advanced Level Security Testing

ISTQB Advanced Level Security Testing

Prepare for the ISTQB Advanced Level Security Tester Exam

istqb-certification

Accredited training for the ISTQB® Advanced Level Security Tester (CTAL-SEC) certification. This course covers security testing strategies, security testing throughout the software lifecycle, security test evaluation and reporting, security testing tools, and more.

Full Description and Outline

Upcoming Classes

= Guaranteed to Run
Dates
Mode
Location
Price
Mar 24Mar 26, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$2,195
Attend
Select a learning mode button (Public, Live Virtual, etc.) for pricing, details, and a downloadable fact sheet.
Description
  • Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based
  • Align security test activities with project lifecycle activities
  • Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels
  • Evaluate the existing security test suite and identify any additional security tests
  • Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness
  • For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities
  • Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation
  • Identify areas where additional or enhanced security testing may be needed
  • Evaluate effectiveness of security mechanisms
  • Help the organization build information security awareness
  • Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted
  • Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness
  • Analyze and document security test needs to be addressed by one or more tools
  • Analyze and select candidate security test tools for a given tool search based on specified needs
  • Understand the benefits of using security testing standards and where to find them
 
Who Should Attend?
  • Security Testers
  • Security Analysts
  • Project Managers
  • Test Automation Engineers
  • Cybersecurity Engineers
  • DevSecOps Engineers
  • Systems Engineers
  • Software Developers

ISTQB® Certification & Exam
The International Software Testing Qualifications Board (ISTQB) is the world's most widely-recognized certification of software testing skills and knowledge. Founded in 2002, the ISTQB is is a not-for-profit association that has issued more than 750,000 certifications in 129 countries around the globe. The ISTQB Software Tester Certification—Foundation Level (CTFL) is a prerequisite for the ISTQB Usability Testing (ISTQB CTFL-UT) exam. In order to be eligible to take this exam, potential examinees must submit proof of Certified Tester—Foundation Level (CTFL) certification.

For public virtual classes, the ISTQB Advanced Level – Security Tester (CTAL-SEC) exam is an additional fee and is not included in the course price. You have the option to add on this exam voucher when you register for the class. If you choose to add on the exam voucher, it will be emailed to you upon completion of the course. If you do not choose to add-on the voucher when purchasing this class, you must reach out to an exam provider directly if you wish to take an exam later.*

*This purchase does NOT fall under our Coveros guarantee of retaking the class if you do not pass the exam within 30 days of taking the class. This purchase includes just one (1) exam voucher. All additional vouchers will need to be purchased with an exam provider.

 

Questions? 929.777.8102 [email protected]
Course Outline
The Basis of Security Testing
Security Risks
  • The Role of Risk Assessment in Security Testing
  • Asset Identification
  • Analysis of Risk Assessment Techniques
Information Security Policies and Procedures
  • Understanding Security Policies and Procedures
  • Analysis of Security Policies and Procedures
Security Auditing and Its Role in Security Testing
  • Purpose of a Security Audit
  • Risk Identification, Assessment, and Mitigation
  • People, Process and Technology
 
Security Testing Purposes, Goals and Strategies 
Introduction
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
  • The Alignment of Security Testing Goals
  • Identification of Security Test Objectives
  • The Difference Between Information Assurance and Security Testing
The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
  • Analysis of Security Test Approaches
  • Analysis of Failures in Security Test Approaches
  • Stakeholder Identification
Improving the Security Testing Practices
 
Security Testing Processes
Security Test Process Definition
  • ISTQB Security Testing Process
  • Aligning the Security Testing Process to a Particular Application Lifecycle Model
Security Test Planning
  • Security Test Planning Objectives
  • Key Security Test Plan Elements
Security Test Design
  • Security Test Design
  • Security Test Design Based on Policies and Procedures
Security Test Execution
  • Key Elements and Characteristics of an Effective Security Test Environment
  • The Importance Of Planning and Approvals in Security Testing
Security Test Evaluation
Security Test Maintenance
 
Security Testing Throughout the Software Lifecycle
The Role of Security Testing in a Software Lifecycle
  • The Lifecycle View of Security Testing
  • Security-Related Activities in the Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
  • Security Testing During Component Testing
  • Security Test Design at the Component Level
  • Analysis of Security Tests at the Component Level
  • Security Testing During Component Integration Testing
  • Security Test Design at the Component Integration Level
The Role of Security Testing in System and Acceptance Test Activities
  • The Role of Security Testing in System Testing
  • The Role of Security Testing in Acceptance Testing
The Role of Security Testing in Maintenance
 
Testing Security Mechanisms 
System Hardening
  • Understanding System Hardening
  • Testing the Effectiveness of System Hardening Mechanisms
Authentication and Authorization
  • The Relationship Between Authentication and Authorization
  • Testing the Effectiveness of Authentication and Authorization Mechanisms
Encryption
  • Understanding Encryption
  • Testing the Effectiveness of Common Encryption Mechanisms
Firewalls and Network Zones
  • Understanding Firewalls
  • Testing Firewall Effectiveness
Intrusion Detection
  • Understanding Intrusion Detection Tools
  • Testing the Effectiveness of Intrusion Detection Tools
Malware Scanning
  • Understanding Malware Scanning Tools
  • Testing the Effectiveness of Malware Scanning Tools
Data Obfuscation
  • Understanding Data Obfuscation
  • Testing the Effectiveness of Data Obfuscation Approaches
Training
  • The Importance of Security Training
  • How to Test the Effectiveness of Security Training
 
Human Factors in Security Testing
Understanding the Attackers
  • The Impact of Human Behavior on Security Risks
  • Understanding the Attacker Mentality
  • Common Motivations and Sources of Computer System Attacks
  • Understanding Attack Scenarios and Motivations
Social Engineering
Security Awareness
  • The Importance Of Security Awareness
  • Increasing Security Awareness
 
Security Test Evaluation and Reporting
Security Test Evaluation
Security Test Reporting
  • Confidentiality of Security Test Results
  • Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status
  • Analyzing Interim Security Test Status Reports
 
Security Testing Tools
Types and Purposes of Security Testing Tools
Tool Selection
  • Analyzing and Documenting Security Testing Needs
  • Issues with Open Source Tools
  • Evaluating a Tool Vendor’s Capabilities
 
Standards and Industry Trends
Understanding Security Testing Standards
  • The Benefits of Using Security Testing Standards
  • Applicability of Standards in Regulatory Versus Contractual Situations
  • Selection of Security Standards
Applying Security Standards
Industry Trends
  • Where to Learn of Industry Trends in Information Security
  • Evaluating Security Testing Practices for Improvements
 
Related Courses
Software Testing Bootcamp

Regardless of the methodology—Agile, Waterfall, or DevOps—testing is a critical element for successful software development and delivery. This...Learn more

Fundamentals of Software Security

Learn how to integrate security concepts into every phase of your software development process. This two-day course teaches the fundamentals of...Learn more

ISTQB Certified Tester Advanced Level - Agile Technical Tester

Accredited training for the ISTQB® Advanced Agile Technical Tester (CTAL-ATT) certification. This course covers requirements engineering, testing...Learn more
= Guaranteed to Run
Dates
Mode
Location
Price
Mar 24Mar 26, 2025
Live Virtual
Virtual Classroom
Virtual Classroom
$2,195
Attend
Download Fact Sheet
Price: $2,195 USD
Course Duration: 3 Days
Description
  • Plan, perform, and evaluate security tests from a variety of perspectives 
  • Evaluate an existing security test suite and identify any additional security tests needed.
  • Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
  • For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
  • Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
  • Identify areas where additional or enhanced security testing may be needed.
  • Evaluate effectiveness of security mechanisms.
  • Help the organization build information security awareness.
  • Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
  • Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
  • Analyze and document security test needs to be addressed by one or more tools.
  • Understand the role of security standards (including security test standards), where to find them, and how to stay current with security developments worldwide.
 
With the prevalence of cyber security breaches, it is clear that more attention is needed in testing that security defenses are in place and working effectively. This course and certification covers much more than just penetration testing. Certainly, penetration testing is an important part of security testing, but there are many other threats and vulnerabilities that require other security testing approaches. 
 
Who Should Attend?
  • Security testers
  • Software testers who wish to develop a specialty in security testing
  • Security administrators who wish to learn how to test new and existing defenses
  • Developers who want to learn secure coding techniques
  • Project managers who want to learn how security testing fits in the project lifecycle

ISTQB® Certification & Exam
The cost of the class includes an exam voucher for the ISTQB CT-ST exam.* Exam vouchers are distributed at the end of the class. Passing the exam will grant you an ISTQB CT-ST certification.

Prerequisites
You must have obtained an ISTQB Foundation Level Certification (CTFL) to be eligible for the ISTQB® Security Tester (CT-ST) certification.

*This purchase does NOT fall under our Coveros guarantee of retaking the class if you do not pass the exam within 30 days of taking the class. This purchase includes just one (1) exam voucher. All additional vouchers will need to be purchased with an exam provider.

 

Questions? 929.777.8102 [email protected]
Course Outline
The Basis of Security Testing
Security Risks
Information Security Policies and Procedures
Security Auditing and Its Role in Security Testing
 
Security Testing Purposes, Goals and Strategies 
Introduction
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
Improving the Security Testing Practices
 
Security Testing Processes
Security Test Process Definition
Security Test Planning
Security Test Design
Security Test Execution
Security Test Evaluation
Security Test Maintenance
 
Security Testing Throughout the Software Lifecycle
Role of Security Testing in a Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
The Role of Security Testing in System and Acceptance Test Activities
The Role of Security Testing in Maintenance
 
Testing Security Mechanisms 
System Hardening
Authentication and Authorization
Encryption
Firewalls and Network Zones
Intrusion Detection
Malware Scanning
Data Obfuscation
Training
 
Human Factors in Security Testing
Understanding the Attackers
Social Engineering
Security Awareness
 
Security Test Evaluation and Reporting
Security Test Evaluation
Security Test Reporting
 
Security Testing Tools
Types and Purposes of Security Testing Tools
Tool Selection
 
Standards and Industry Trends
Understanding Security Testing Standards
Applying Security Standards
Industry Trends
 
Class Schedule
3-Day Daily Schedule: 9:00am-5:00pm ET/6:00am-2:00pm PT
Times represent the typical daily schedule. Please confirm class schedule at registration.
 
Class Fee Includes
  • Easy course access: Attend training right from your computer. Easy and quick access fits today’s working style and eliminates expensive travel and long days in the classroom.
  • Live, expert instruction: Instructors are sought-after practitioners, highly-experienced in the industry who deliver a professional learning experience in real-time.
  • Valuable course materials: Courses cover the same professional content as our classroom training, and students have direct access to valuable materials.
  • Rich virtual learning environment: A variety of tools are built in to the learning platform to engage learners through dynamic delivery and to facilitate a multi-directional flow of information.
  • Hands-on exercises: An essential component to any learning experience is applying what you have learned. Using the latest technology, your instructor can provide hands-on exercises, group activities, and breakout sessions.
  • Real-time communication: Communicate real-time directly with the instructor. Ask questions, provide comments, and participate in the class discussions.
  • Peer interaction: Networking with peers has always been a valuable part of any classroom training. Live Virtual training gives you the opportunity to interact with and learn from the other attendees during breakout sessions, course lecture, and Q&A.
  • Small class size: Live Virtual courses are limited in small class size to ensure an opportunity for personal interaction.

Bring this course to your team at your site. Contact us to learn more at 929.777.8102.

Don't see a date that fits your schedule? Contact us for scheduling options at 929.777.8102
Download Fact Sheet
Course Duration: 5 Days
Description
  • Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based
  • Align security test activities with project lifecycle activities
  • Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels
  • Evaluate the existing security test suite and identify any additional security tests
  • Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness
  • For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities
  • Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation
  • Identify areas where additional or enhanced security testing may be needed
  • Evaluate effectiveness of security mechanisms
  • Help the organization build information security awareness
  • Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted
  • Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness
  • Analyze and document security test needs to be addressed by one or more tools
  • Analyze and select candidate security test tools for a given tool search based on specified needs
  • Understand the benefits of using security testing standards and where to find them
 
Who Should Attend?
  • Security Testers
  • Security Analysts
  • Project Managers
  • Test Automation Engineers
  • Cybersecurity Engineers
  • DevSecOps Engineers
  • Systems Engineers
  • Software Developers

ISTQB® Certification & Exam
The International Software Testing Qualifications Board (ISTQB) is the world's most widely-recognized certification of software testing skills and knowledge. Founded in 2002, the ISTQB is is a not-for-profit association that has issued more than 750,000 certifications in 129 countries around the globe. The ISTQB Software Tester Certification—Foundation Level (CTFL) is a prerequisite for the ISTQB Usability Testing (ISTQB CTFL-UT) exam. In order to be eligible to take this exam, potential examinees must submit proof of Certified Tester—Foundation Level (CTFL) certification.

For public virtual classes, the ISTQB Advanced Level – Security Tester (CTAL-SEC) exam is an additional fee and is not included in the course price. You have the option to add on this exam voucher when you register for the class. If you choose to add on the exam voucher, it will be emailed to you upon completion of the course. If you do not choose to add-on the voucher when purchasing this class, you must reach out to an exam provider directly if you wish to take an exam later.*

*This purchase does NOT fall under our Coveros guarantee of retaking the class if you do not pass the exam within 30 days of taking the class. This purchase includes just one (1) exam voucher. All additional vouchers will need to be purchased with an exam provider.

 

Questions? 929.777.8102 [email protected]
Course Outline
The Basis of Security Testing
Security Risks
  • The Role of Risk Assessment in Security Testing
  • Asset Identification
  • Analysis of Risk Assessment Techniques
Information Security Policies and Procedures
  • Understanding Security Policies and Procedures
  • Analysis of Security Policies and Procedures
Security Auditing and Its Role in Security Testing
  • Purpose of a Security Audit
  • Risk Identification, Assessment, and Mitigation
  • People, Process and Technology
 
Security Testing Purposes, Goals and Strategies 
Introduction
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
  • The Alignment of Security Testing Goals
  • Identification of Security Test Objectives
  • The Difference Between Information Assurance and Security Testing
The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
  • Analysis of Security Test Approaches
  • Analysis of Failures in Security Test Approaches
  • Stakeholder Identification
Improving the Security Testing Practices
 
Security Testing Processes
Security Test Process Definition
  • ISTQB Security Testing Process
  • Aligning the Security Testing Process to a Particular Application Lifecycle Model
Security Test Planning
  • Security Test Planning Objectives
  • Key Security Test Plan Elements
Security Test Design
  • Security Test Design
  • Security Test Design Based on Policies and Procedures
Security Test Execution
  • Key Elements and Characteristics of an Effective Security Test Environment
  • The Importance Of Planning and Approvals in Security Testing
Security Test Evaluation
Security Test Maintenance
 
Security Testing Throughout the Software Lifecycle
The Role of Security Testing in a Software Lifecycle
  • The Lifecycle View of Security Testing
  • Security-Related Activities in the Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
  • Security Testing During Component Testing
  • Security Test Design at the Component Level
  • Analysis of Security Tests at the Component Level
  • Security Testing During Component Integration Testing
  • Security Test Design at the Component Integration Level
The Role of Security Testing in System and Acceptance Test Activities
  • The Role of Security Testing in System Testing
  • The Role of Security Testing in Acceptance Testing
The Role of Security Testing in Maintenance
 
Testing Security Mechanisms 
System Hardening
  • Understanding System Hardening
  • Testing the Effectiveness of System Hardening Mechanisms
Authentication and Authorization
  • The Relationship Between Authentication and Authorization
  • Testing the Effectiveness of Authentication and Authorization Mechanisms
Encryption
  • Understanding Encryption
  • Testing the Effectiveness of Common Encryption Mechanisms
Firewalls and Network Zones
  • Understanding Firewalls
  • Testing Firewall Effectiveness
Intrusion Detection
  • Understanding Intrusion Detection Tools
  • Testing the Effectiveness of Intrusion Detection Tools
Malware Scanning
  • Understanding Malware Scanning Tools
  • Testing the Effectiveness of Malware Scanning Tools
Data Obfuscation
  • Understanding Data Obfuscation
  • Testing the Effectiveness of Data Obfuscation Approaches
Training
  • The Importance of Security Training
  • How to Test the Effectiveness of Security Training
 
Human Factors in Security Testing
Understanding the Attackers
  • The Impact of Human Behavior on Security Risks
  • Understanding the Attacker Mentality
  • Common Motivations and Sources of Computer System Attacks
  • Understanding Attack Scenarios and Motivations
Social Engineering
Security Awareness
  • The Importance Of Security Awareness
  • Increasing Security Awareness
 
Security Test Evaluation and Reporting
Security Test Evaluation
Security Test Reporting
  • Confidentiality of Security Test Results
  • Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status
  • Analyzing Interim Security Test Status Reports
 
Security Testing Tools
Types and Purposes of Security Testing Tools
Tool Selection
  • Analyzing and Documenting Security Testing Needs
  • Issues with Open Source Tools
  • Evaluating a Tool Vendor’s Capabilities
 
Standards and Industry Trends
Understanding Security Testing Standards
  • The Benefits of Using Security Testing Standards
  • Applicability of Standards in Regulatory Versus Contractual Situations
  • Selection of Security Standards
Applying Security Standards
Industry Trends
  • Where to Learn of Industry Trends in Information Security
  • Evaluating Security Testing Practices for Improvements
 
Class Schedule
Sign-In/Registration 7:30 - 8:30 a.m.
Morning Session 8:30 a.m. - 12:00 p.m.
Lunch 12:00 - 1:00 p.m.
Afternoon Session 1:00 - 5:00 p.m.
Times represent the typical daily schedule. Please confirm your schedule at registration.
Class Fee Includes
• Tuition
• Course notebook
• Letter of completion
Instructors

Randy Rice

Randall (Randy) Rice, CTAL (Full), is a leading author, speaker, consultant and practitioner in the field of software testing and software quality. He has over 40 years experience in building and testing software projects in a variety of environments and has authored over 70 training courses in software testing, security testing...Learn More

Questions?

Get in Touch Ways To Save

On-Site/Private Training

Let us bring the learning to your team at your location or in an interactive virtual classroom!
Choose from more than 50 courses.

View all courses

Combine World-Class Training and

Certification with a Conference

Maximize Your Learning Potential

STAR Conference logo

AI Con USA logo

Agile + DevOps USA logo