ISTQB Advanced Level Syllabus (2016) Security Tester
Revision History............................................................................................................................ 3
Table of Contents.......................................................................................................................... 4
Acknowledgements....................................................................................................................... 7
0. Introduction to this Syllabus.................................................................................................... 8
0.1 Purpose of this Document................................................................................................. 8
0.2 Overview.......................................................................................................................... 8
0.3 Examination...................................................................................................................... 8
0.4 How this Syllabus is Organized.......................................................................................... 8
0.5 Definitions........................................................................................................................ 9
0.6 Level of Detail.................................................................................................................. 9
0.7 Learning Objectives / Level of Knowledge.......................................................................... 9
1 The Basis of Security Testing - 105 mins................................................................................. 11
1.1 Security Risks................................................................................................................. 12
1.1.1 The Role of Risk Assessment in Security Testing....................................................... 12
1.1.2 Asset Identification................................................................................................... 13
1.1.3 Analysis of Risk Assessment Techniques.................................................................. 14
1.2 Information Security Policies and Procedures................................................................... 15
1.2.1 Understanding Security Policies and Procedures........................................................ 15
1.2.2 Analysis of Security Policies and Procedures............................................................ 18
1.3 Security Auditing and Its Role in Security Testing.............................................................. 19
1.3.1 Purpose of a Security Audit...................................................................................... 20
1.3.2 Risk Identification, Assessment and Mitigation........................................................... 21
1.3.3 People, Process and Technology.............................................................................. 24
2. Security Testing Purposes, Goals and Strategies - 130 mins................................................... 26
2.1 Introduction..................................................................................................................... 27
2.2 The Purpose of Security Testing...................................................................................... 27
2.3 The Organizational Context.............................................................................................. 28
2.4 Security Testing Objectives.............................................................................................. 28
2.4.1 The Alignment of Security Testing Goals....................................................................... 28
2.4.2 Identification of Security Test Objectives.................................................................... 28
2.4.3 The Difference Between Information Assurance and Security Testing.............................. 29
2.5 The Scope and Coverage of Security Testing Objectives................................................... 29
2.6 Security Testing Approaches........................................................................................... 29
2.6.1 Analysis of Security Test Approaches......................................................................... 29
2.6.2 Analysis of Failures in Security Test Approaches....................................................... 30
2.6.3 Stakeholder Identification........................................................................................... 31
2.7 Improving the Security Testing Practices.......................................................................... 31
3. Security Testing Processes - 140 mins...................................................................................... 32
3.1 Security Test Process Definition...................................................................................... 33
3.1.1 ISTQB Security Testing Process................................................................................ 33
3.1.2 Aligning the Security Testing Process to a Particular Application Lifecycle Model........ 35
3.2 Security Test Planning.................................................................................................... 38
3.2.1 Security Test Planning Objectives............................................................................... 38
3.2.2 Key Security Test Plan Elements............................................................................... 38
3.3 Security Test Design....................................................................................................... 39
3.3.1 Security Test Design.................................................................................................... 40
3.3.2 Security Test Design Based on Policies and Procedures............................................... 44
3.4 Security Test Execution.................................................................................................. 45
3.4.1 Key Elements and Characteristics of an Effective Security Test Environment................ 45
3.4.2 The Importance Of Planning and Approvals in Security Testing................................... 46
3.5 Security Test Evaluation.................................................................................................. 46
3.6 Security Test Maintenance............................................................................................... 47
4. Security Testing Throughout the Software Lifecycle - 225 mins................................................. 48
4.1 The Role of Security Testing in a Software Lifecycle......................................................... 49
4.1.1 The Lifecycle View of Security Testing........................................................................ 49
4.1.2 Security-Related Activities in the Software Lifecycle.................................................... 49
4.2 The Role of Security Testing in Requirements................................................................... 52
4.3 The Role of Security Testing in Design............................................................................. 53
4.4 The Role of Security Testing in Implementation Activities................................................... 53
4.4.1 Security Testing During Component Testing................................................................ 53
4.4.2 Security Test Design at the Component Level.............................................................. 54
4.4.3 Analysis of Security Tests at the Component Level...................................................... 54
4.4.4 Security Testing During Component Integration Testing................................................ 55
4.4.5 Security Test Design at the Component Integration Level............................................. 55
4.5 The Role of Security Testing in System and Acceptance Test Activities.............................. 56
4.5.1 The Role of Security Testing in System Testing.......................................................... 56
4.5.2 The Role of Security Testing in Acceptance Testing.................................................... 56
4.6 The Role of Security Testing in Maintenance........................................................................ 56
5. Testing Security Mechanisms - 240 mins................................................................................. 58
5.1 System Hardening......................................................................................................... 60
5.1.1 Understanding System Hardening.............................................................................. 60
5.1.2 Testing the Effectiveness of System Hardening Mechanisms...................................... 61
5.2 Authentication and Authorization..................................................................................... 61
5.2.1 The Relationship Between Authentication and Authorization......................................... 61
5.2.2 Testing the Effectiveness of Authentication and Authorization Mechanisms................. 62
5.3 Encryption.................................................................................................................... 62
5.3.1 Understanding Encryption......................................................................................... 62
5.3.2 Testing the Effectiveness of Common Encryption Mechanisms.................................. 63
5.4 Firewalls and Network Zones.......................................................................................... 63
5.4.1 Understanding Firewalls............................................................................................ 63
5.4.2 Testing Firewall Effectiveness................................................................................... 64
5.5 Intrusion Detection.......................................................................................................... 64
5.5.1 Understanding Intrusion Detection Tools.................................................................... 64
5.5.2 Testing the Effectiveness of Intrusion Detection Tools............................................... 65
5.6 Malware Scanning........................................................................................................... 65
5.6.1 Understanding Malware Scanning Tools..................................................................... 65
5.6.2 Testing the Effectiveness of Malware Scanning Tools................................................ 65
5.7 Data Obfuscation............................................................................................................ 66
5.7.1 Understanding Data Obfuscation............................................................................... 66
5.7.2 Testing the Effectiveness of Data Obfuscation Approaches....................................... 66
5.8 Training.......................................................................................................................... 67
5.8.1 The Importance of Security Training........................................................................... 67
5.8.2 How to Test the Effectiveness of Security Training..................................................... 67
6. Human Factors in Security Testing - 105 mins.......................................................................... 68
6.1 Understanding the Attackers............................................................................................ 69
6.1.1 The Impact of Human Behavior on Security Risks....................................................... 69
6.1.2 Understanding the Attacker Mentality......................................................................... 69
6.1.3 Common Motivations and Sources of Computer System Attacks................................ 70
6.1.4 Understanding Attack Scenarios and Motivations....................................................... 70
6.2 Social Engineering.......................................................................................................... 72
6.3 Security Awareness......................................................................................................... 73
6.3.1 The Importance Of Security Awareness...................................................................... 73
6.3.2 Increasing Security Awareness.................................................................................. 73
7. Security Test Evaluation and Reporting - 70 mins..................................................................... 74
7.1 Security Test Evaluation.................................................................................................. 75
7.2 Security Test Reporting................................................................................................... 75
7.2.1 Confidentiality of Security Test Results...................................................................... 75
7.2.2 Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status…. 75
7.2.3 Analyzing Interim Security Test Status Reports........................................................... 75
8. Security Testing Tools - 55 mins............................................................................................ 77
8.1 Types and Purposes of Security Testing Tools................................................................. 78
8.2 Tool Selection................................................................................................................. 79
8.2.1 Analyzing and Documenting Security Testing Needs................................................... 79
8.2.2 Issues with Open Source Tools................................................................................. 79
8.2.3 Evaluating a Tool Vendor’s Capabilities..................................................................... 80
9. Standards and Industry Trends - 40 mins.............................................................................. 81
9.1 Understanding Security Testing Standards........................................................................ 82
9.1.1 The Benefits of Using Security Testing Standards...................................................... 82
9.1.2 Applicability of Standards in Regulatory Versus Contractual Situations....................... 82
9.1.3 Selection of Security Standards................................................................................ 82
9.2 Applying Security Standards............................................................................................ 82
9.3 Industry Trends............................................................................................................... 83
9.3.1 Where to Learn of Industry Trends in Information Security........................................... 83
9.3.2 Evaluating Security Testing Practices for Improvements............................................. 83
10. References......................................................................................................................... 84
| Number | Title | Author | Date | Votes | Views |
| Notice |
ISTQB_CTAL-TM_Syllabus v3.0
admin
|
2025.06.16
|
Votes 0
|
Views 24961131
|
admin | 2025.06.16 | 0 | 24961131 |
| Notice |
CTFL (Certified Tester Foundation Level) Syllabus 4.0
admin
|
2024.09.15
|
Votes 0
|
Views 36366421
|
admin | 2024.09.15 | 0 | 36366421 |
| Notice |
ISTQB Foundation - Certified Tester (2018) : Official Sample Exam Set 2 with Answer (4)
Testersbest
|
2019.06.21
|
Votes 0
|
Views 45189386
|
Testersbest | 2019.06.21 | 0 | 45189386 |
| Notice |
ISTQB Foundation - Certified Tester (2018) : Official Sample Exam Set 1 with Answer (3)
Testersbest
|
2019.06.21
|
Votes 0
|
Views 45643307
|
Testersbest | 2019.06.21 | 0 | 45643307 |
| Notice |
ISTQB Foundation Certified Tester (2018) : New Exam Rule (1)
Testersbest
|
2019.06.21
|
Votes 0
|
Views 46199706
|
Testersbest | 2019.06.21 | 0 | 46199706 |
| Notice |
ISTQB Foundation - Certified Tester Syllabus (2018)
VTB
|
2018.11.14
|
Votes 0
|
Views 46492418
|
VTB | 2018.11.14 | 0 | 46492418 |
| Notice |
ISTQB Advanced Level Syllabus (2016) Security Tester
VTB
|
2018.10.26
|
Votes 0
|
Views 45860350
|
VTB | 2018.10.26 | 0 | 45860350 |
| Notice |
ISTQB Advanced Level Syllabus (2012) Technical Test Analyst
VTB
|
2016.05.06
|
Votes 0
|
Views 45179999
|
VTB | 2016.05.06 | 0 | 45179999 |
| Notice |
ISTQB Advanced Level Syllabus (2012) Test Manager
VTB
|
2016.05.06
|
Votes 0
|
Views 45166193
|
VTB | 2016.05.06 | 0 | 45166193 |
| Notice |
ISTQB Advanced Level Syllabus (2012) Test Analyst
VTB
|
2016.05.06
|
Votes 0
|
Views 45693250
|
VTB | 2016.05.06 | 0 | 45693250 |
| Notice |
ISTQB Glossary of Testing Terms Version:2.2
VTB
|
2016.05.06
|
Votes 0
|
Views 45707738
|
VTB | 2016.05.06 | 0 | 45707738 |
| Notice |
ISTQB Expert Level (CTEL) Syllabus -Test Management (3)
VTB
|
2015.09.13
|
Votes 0
|
Views 45214173
|
VTB | 2015.09.13 | 0 | 45214173 |
| Notice |
ISTQB Expert Level (CTEL) Syllabus - Improving the Testing Process (1)
VTB
|
2015.09.13
|
Votes 0
|
Views 46121645
|
VTB | 2015.09.13 | 0 | 46121645 |
| Notice |
ISTQB Foundation Level (CTFL) Syllabus 2011 (12)
VTB
|
2014.10.11
|
Votes 0
|
Views 45390307
|
VTB | 2014.10.11 | 0 | 45390307 |
| 1258 |
ISTQB CTAL TAE Syllabus v2.0
admin
|
2025.06.16
|
Votes 1
|
Views 24208068
|
admin | 2025.06.16 | 1 | 24208068 |
| 1257 |
ISTQB Question and Answers (Advanced Level)
Steveskok
|
2021.02.07
|
Votes 0
|
Views 46078516
|
Steveskok | 2021.02.07 | 0 | 46078516 |
| 1256 |
ISTQB Certified Tester Foundation Level Syllabus Version 2018 V3.1
(TestExpert)
|
2020.02.03
|
Votes 0
|
Views 45551549
|
(TestExpert) | 2020.02.03 | 0 | 45551549 |
| 1255 |
ISTQB Advanced - Technical Test Analyst Sample Exam
ItSeTsQtB
|
2019.08.08
|
Votes 1
|
Views 45445925
|
ItSeTsQtB | 2019.08.08 | 1 | 45445925 |
| 1254 |
ISTQB Certification and Training Value
^Software^
|
2019.07.22
|
Votes 0
|
Views 46588133
|
^Software^ | 2019.07.22 | 0 | 46588133 |
| 1253 |
ISTQB Foundation - Agile Tester (Sample Exam)
IT-Tester
|
2019.07.08
|
Votes 0
|
Views 44800838
|
IT-Tester | 2019.07.08 | 0 | 44800838 |
| 1252 |
ISTQB Advanced - Technical Test Analyst (Sample Exam)
IT-Tester
|
2019.07.08
|
Votes 0
|
Views 45665370
|
IT-Tester | 2019.07.08 | 0 | 45665370 |
| 1251 |
ISTQB Advanced - Test Analyst (Sample Exam) (1)
IT-Tester
|
2019.07.08
|
Votes 0
|
Views 45950488
|
IT-Tester | 2019.07.08 | 0 | 45950488 |
| 1250 |
Premium Question Paper 4 (3)
iknev
|
2019.02.22
|
Votes 0
|
Views 47032696
|
iknev | 2019.02.22 | 0 | 47032696 |
| 1249 |
Premium Question Paper 3 (6)
iknev
|
2019.02.22
|
Votes 0
|
Views 44954502
|
iknev | 2019.02.22 | 0 | 44954502 |
| 1248 |
Premium Question Paper 1 (2)
iknev
|
2019.02.22
|
Votes 0
|
Views 45856155
|
iknev | 2019.02.22 | 0 | 45856155 |
| 1247 |
ISTQB Question Bank_ Test Manager Sample Question Set 1
iknev
|
2019.02.22
|
Votes 1
|
Views 45765990
|
iknev | 2019.02.22 | 1 | 45765990 |
| 1246 |
ISTQB Certified Tester List (FULL)
VTB
|
2018.10.31
|
Votes 0
|
Views 46099369
|
VTB | 2018.10.31 | 0 | 46099369 |
| 1245 |
ISTQB Agile Exam (Auckland, NZ)
VTB
|
2018.10.28
|
Votes 0
|
Views 46860530
|
VTB | 2018.10.28 | 0 | 46860530 |
| 1244 |
ISTQB Foundation Exam (Auckland, NZ)
VTB
|
2018.10.28
|
Votes 0
|
Views 46225823
|
VTB | 2018.10.28 | 0 | 46225823 |
| 1243 |
ISTQB Foundation Course (Auckland, NZ)
VTB
|
2018.10.28
|
Votes 0
|
Views 45234651
|
VTB | 2018.10.28 | 0 | 45234651 |
| 1242 |
ISTQB Foundation Agile Course (Auckland, NZ)
VTB
|
2018.10.28
|
Votes 0
|
Views 45062158
|
VTB | 2018.10.28 | 0 | 45062158 |
| 1241 |
ISTQB Course + Internship (Auckland, NZ)
VTB
|
2018.10.28
|
Votes 0
|
Views 45975632
|
VTB | 2018.10.28 | 0 | 45975632 |
| 1240 |
ISTQB Expert - Improving the Test Process [Sample Exam & Answer] - ISTQB Official
VTB
|
2018.10.26
|
Votes 0
|
Views 46056189
|
VTB | 2018.10.26 | 0 | 46056189 |
| 1239 |
ISTQB Expert - Test Manager [Sample Exam & Answer] - ISTQB Official (1)
VTB
|
2018.10.26
|
Votes 0
|
Views 45288383
|
VTB | 2018.10.26 | 0 | 45288383 |
| 1238 |
ISTQB Advanced - Technical Test Analyst [Sample Exam & Answer] - ISTQB Official
VTB
|
2018.10.26
|
Votes 0
|
Views 46187180
|
VTB | 2018.10.26 | 0 | 46187180 |
| 1237 |
ISTQB Advanced - Test Analyst [Sample Exam & Answer] - ISTQB Official
VTB
|
2018.10.26
|
Votes 0
|
Views 46037519
|
VTB | 2018.10.26 | 0 | 46037519 |
| 1236 |
ISTQB Advanced - Test Manager [Sample Exam & Answer] - ISTQB Official (1)
VTB
|
2018.10.26
|
Votes 0
|
Views 45822371
|
VTB | 2018.10.26 | 0 | 45822371 |
| 1235 |
ISTQB Foundation - Model Based Tester [Sample Exam & Answers] - ISTQB Official
VTB
|
2018.10.26
|
Votes 0
|
Views 46590093
|
VTB | 2018.10.26 | 0 | 46590093 |
| 1234 |
ISTQB Foundation - Agile Tester [Sample Exam & Answer] - ISTQB Official
VTB
|
2018.10.26
|
Votes 0
|
Views 45351094
|
VTB | 2018.10.26 | 0 | 45351094 |
| 1233 |
ISTQB Foundation - Certified Tester [Sample Exam & Answer] - ISTQB Official (1)
VTB
|
2018.10.26
|
Votes 0
|
Views 45398796
|
VTB | 2018.10.26 | 0 | 45398796 |
| 1232 |
ISTQB Exam Tips and Tricks
VTB
|
2018.10.16
|
Votes 0
|
Views 46204827
|
VTB | 2018.10.16 | 0 | 46204827 |
| 1231 |
ISTQB Foundation Level Quiz 20 Questions (1)
aiitistqb
|
2018.10.16
|
Votes 0
|
Views 47118531
|
aiitistqb | 2018.10.16 | 0 | 47118531 |
| 1230 |
ISTQB Free Sample Exam and Answers
aiitistqb
|
2018.10.16
|
Votes 0
|
Views 46273826
|
aiitistqb | 2018.10.16 | 0 | 46273826 |
| 1229 |
ISTQB Foundation - Agile Extension Online Courses is live!!
VTB
|
2018.10.16
|
Votes 0
|
Views 45555618
|
VTB | 2018.10.16 | 0 | 45555618 |
| 1228 |
ISTQB Foundation Online Courses are Live!!
VTB
|
2018.10.12
|
Votes 0
|
Views 46867119
|
VTB | 2018.10.12 | 0 | 46867119 |
| 1227 |
ISTQB Foundation (Practice Exam)
VTB
|
2018.10.12
|
Votes 0
|
Views 45851955
|
VTB | 2018.10.12 | 0 | 45851955 |
| 1226 |
CTAL TM Questions (23)
ulissesmafra
|
2018.10.09
|
Votes 1
|
Views 46046640
|
ulissesmafra | 2018.10.09 | 1 | 46046640 |
| 1225 |
Syllabus 2012 (2)
ulissesmafra
|
2018.10.09
|
Votes 0
|
Views 46408891
|
ulissesmafra | 2018.10.09 | 0 | 46408891 |
| 1224 |
ISEB & ISTQB EXAM TIPS (3)
Sky Driver
|
2018.09.24
|
Votes 0
|
Views 45447063
|
Sky Driver | 2018.09.24 | 0 | 45447063 |
| 1223 |
Tips for clearing ISTQB Foundation Level Exam (1)
Sky Driver
|
2018.09.24
|
Votes 0
|
Views 46294245
|
Sky Driver | 2018.09.24 | 0 | 46294245 |
| 1222 |
Tips for passing the ISTQB Foundation Level exam – Do’s and Don’t’s
Sky Driver
|
2018.09.24
|
Votes 0
|
Views 45853971
|
Sky Driver | 2018.09.24 | 0 | 45853971 |
| 1221 |
Why do people fail the ISTQB Foundation Certificate? (1)
Sky Driver
|
2018.09.24
|
Votes 0
|
Views 45831371
|
Sky Driver | 2018.09.24 | 0 | 45831371 |
| 1220 |
ISTQB Foundation Mock Exam 2 (3)
peter_hey
|
2018.09.19
|
Votes 3
|
Views 45918163
|
peter_hey | 2018.09.19 | 3 | 45918163 |
| 1219 |
ISTQB Foundation Mock Exam 1 (3)
peter_hey
|
2018.09.19
|
Votes 0
|
Views 45039602
|
peter_hey | 2018.09.19 | 0 | 45039602 |
| 1218 |
What is ISTQB? (1)
master15
|
2018.09.19
|
Votes 0
|
Views 46281057
|
master15 | 2018.09.19 | 0 | 46281057 |
| 1217 |
Syllabus (2)
richp
|
2018.09.18
|
Votes 0
|
Views 46070968
|
richp | 2018.09.18 | 0 | 46070968 |
| 1216 |
Learning Objectives for ISTQB Advanced Level Technical Test Analyst Exam (1)
master15
|
2018.09.16
|
Votes 0
|
Views 45362831
|
master15 | 2018.09.16 | 0 | 45362831 |
| 1215 |
Software Testing Tools used by ISTQB certified Experts like Test Analysts and Technical Test Analysts (2)
master15
|
2018.09.16
|
Votes 0
|
Views 46230700
|
master15 | 2018.09.16 | 0 | 46230700 |
| 1214 |
What are the Advantages of ISTQB Certifications? (1)
master15
|
2018.09.13
|
Votes 0
|
Views 46380362
|
master15 | 2018.09.13 | 0 | 46380362 |
| 1213 |
How many Levels of Certification are provided by ISTQB? (1)
master15
|
2018.09.13
|
Votes 0
|
Views 45854587
|
master15 | 2018.09.13 | 0 | 45854587 |
| 1212 |
Syllabus CTAL-TTA - [BR] (1)
tcorteletti
|
2018.09.09
|
Votes 0
|
Views 45396681
|
tcorteletti | 2018.09.09 | 0 | 45396681 |
| 1211 |
Syllabus CTFL - [BR] (1)
tcorteletti
|
2018.09.09
|
Votes 0
|
Views 45362636
|
tcorteletti | 2018.09.09 | 0 | 45362636 |
| 1210 |
ISTQB Certification – Foundation Level syllabus
Sky Driver
|
2018.09.05
|
Votes 0
|
Views 45644136
|
Sky Driver | 2018.09.05 | 0 | 45644136 |
| 1209 |
Documents to be submitted at the time of registration of ISTQB Advanced Level (2)
Sky Driver
|
2018.09.05
|
Votes 0
|
Views 45658627
|
Sky Driver | 2018.09.05 | 0 | 45658627 |