ISTQB

Loading

ISTQB Advanced Level Syllabus (2016) Security Tester

CTAL (Advanced)
CTAL (Advanced)
Author
VTB
Date
2018-10-26 13:03
Views
18536803

Revision History............................................................................................................................ 3


Table of Contents.......................................................................................................................... 4


Acknowledgements....................................................................................................................... 7


0.    Introduction to this Syllabus.................................................................................................... 8


0.1    Purpose of this Document................................................................................................. 8


0.2    Overview.......................................................................................................................... 8


0.3    Examination...................................................................................................................... 8


0.4    How this Syllabus is Organized.......................................................................................... 8


0.5    Definitions........................................................................................................................ 9


0.6    Level of Detail.................................................................................................................. 9


0.7    Learning Objectives / Level of Knowledge.......................................................................... 9


1    The Basis of Security Testing - 105 mins................................................................................. 11


1.1    Security Risks................................................................................................................. 12


1.1.1    The Role of Risk Assessment in Security Testing....................................................... 12


1.1.2    Asset Identification................................................................................................... 13


1.1.3    Analysis of Risk Assessment Techniques.................................................................. 14


1.2    Information Security Policies and Procedures................................................................... 15


1.2.1    Understanding Security Policies and Procedures........................................................ 15


1.2.2    Analysis of Security Policies and Procedures............................................................ 18


1.3    Security Auditing and Its Role in Security Testing.............................................................. 19


1.3.1    Purpose of a Security Audit...................................................................................... 20


1.3.2    Risk Identification, Assessment and Mitigation........................................................... 21


1.3.3    People, Process and Technology.............................................................................. 24


2.   Security Testing Purposes, Goals and Strategies - 130 mins................................................... 26


2.1    Introduction..................................................................................................................... 27


2.2    The Purpose of Security Testing...................................................................................... 27


2.3    The Organizational Context.............................................................................................. 28


2.4    Security Testing Objectives.............................................................................................. 28


2.4.1 The Alignment of Security Testing Goals....................................................................... 28


2.4.2  Identification of Security Test Objectives.................................................................... 28


2.4.3 The Difference Between Information Assurance and Security Testing.............................. 29


2.5    The Scope and Coverage of Security Testing Objectives................................................... 29


2.6    Security Testing Approaches........................................................................................... 29


2.6.1  Analysis of Security Test Approaches......................................................................... 29


2.6.2    Analysis of Failures in Security Test Approaches....................................................... 30


2.6.3  Stakeholder Identification........................................................................................... 31


2.7    Improving the Security Testing Practices.......................................................................... 31


3. Security Testing Processes - 140 mins...................................................................................... 32


3.1     Security Test Process Definition...................................................................................... 33


3.1.1    ISTQB Security Testing Process................................................................................ 33


3.1.2    Aligning the Security Testing Process to a Particular Application Lifecycle Model........ 35


3.2     Security Test Planning.................................................................................................... 38


3.2.1  Security Test Planning Objectives............................................................................... 38


3.2.2    Key Security Test Plan Elements............................................................................... 38


3.3    Security Test Design....................................................................................................... 39


3.3.1 Security Test Design.................................................................................................... 40


3.3.2 Security Test Design Based on Policies and Procedures............................................... 44


3.4     Security Test Execution.................................................................................................. 45


3.4.1  Key Elements and Characteristics of an Effective Security Test Environment................ 45


3.4.2   The Importance Of Planning and Approvals in Security Testing................................... 46


3.5    Security Test Evaluation.................................................................................................. 46


3.6    Security Test Maintenance............................................................................................... 47


4. Security Testing Throughout the Software Lifecycle -  225 mins................................................. 48


4.1    The Role of Security Testing in a Software Lifecycle......................................................... 49


4.1.1  The Lifecycle View of Security Testing........................................................................ 49


4.1.2  Security-Related Activities in the Software Lifecycle.................................................... 49


4.2    The Role of Security Testing in Requirements................................................................... 52


4.3    The Role of Security Testing in Design............................................................................. 53


4.4    The Role of Security Testing in Implementation Activities................................................... 53


4.4.1  Security Testing During Component Testing................................................................ 53


4.4.2  Security Test Design at the Component Level.............................................................. 54


4.4.3  Analysis of Security Tests at the Component Level...................................................... 54


4.4.4  Security Testing During Component Integration Testing................................................ 55


4.4.5  Security Test Design at the Component Integration Level............................................. 55


4.5    The Role of Security Testing in System and Acceptance Test Activities.............................. 56


4.5.1    The Role of Security Testing in System Testing.......................................................... 56


4.5.2    The Role of Security Testing in Acceptance Testing.................................................... 56


4.6 The Role of Security Testing in Maintenance........................................................................ 56


5.  Testing Security Mechanisms - 240 mins................................................................................. 58


5.1     System Hardening......................................................................................................... 60


5.1.1    Understanding System Hardening.............................................................................. 60


5.1.2    Testing the Effectiveness of System Hardening Mechanisms...................................... 61


5.2     Authentication and Authorization..................................................................................... 61


5.2.1    The Relationship Between Authentication and Authorization......................................... 61


5.2.2    Testing the Effectiveness of Authentication and Authorization Mechanisms................. 62


5.3     Encryption.................................................................................................................... 62


5.3.1    Understanding Encryption......................................................................................... 62


5.3.2    Testing the Effectiveness of Common Encryption Mechanisms.................................. 63


5.4     Firewalls and Network Zones.......................................................................................... 63


5.4.1    Understanding Firewalls............................................................................................ 63


5.4.2    Testing Firewall Effectiveness................................................................................... 64


5.5    Intrusion Detection.......................................................................................................... 64


5.5.1    Understanding Intrusion Detection Tools.................................................................... 64


5.5.2    Testing the Effectiveness of Intrusion Detection Tools............................................... 65


5.6    Malware Scanning........................................................................................................... 65


5.6.1    Understanding Malware Scanning Tools..................................................................... 65


5.6.2    Testing the Effectiveness of Malware Scanning Tools................................................ 65


5.7    Data Obfuscation............................................................................................................ 66


5.7.1    Understanding Data Obfuscation............................................................................... 66


5.7.2    Testing the Effectiveness of Data Obfuscation Approaches....................................... 66


5.8     Training.......................................................................................................................... 67


5.8.1    The Importance of Security Training........................................................................... 67


5.8.2    How to Test the Effectiveness of Security Training..................................................... 67


6.  Human Factors in Security Testing - 105 mins.......................................................................... 68


6.1    Understanding the Attackers............................................................................................ 69


6.1.1    The Impact of Human Behavior on Security Risks....................................................... 69


6.1.2    Understanding the Attacker Mentality......................................................................... 69


6.1.3    Common Motivations and Sources of Computer System Attacks................................ 70


6.1.4    Understanding Attack Scenarios and Motivations....................................................... 70


6.2    Social Engineering.......................................................................................................... 72


6.3    Security Awareness......................................................................................................... 73


6.3.1    The Importance Of Security Awareness...................................................................... 73


6.3.2    Increasing Security Awareness.................................................................................. 73


7.  Security Test Evaluation and Reporting - 70 mins..................................................................... 74


7.1    Security Test Evaluation.................................................................................................. 75


7.2    Security Test Reporting................................................................................................... 75


7.2.1    Confidentiality of Security Test Results...................................................................... 75


7.2.2    Creating Proper Controls and Data Gathering Mechanisms for Reporting Security Test Status….           75


7.2.3    Analyzing Interim Security Test Status Reports........................................................... 75


8.    Security Testing Tools - 55 mins............................................................................................ 77


8.1    Types and Purposes of Security Testing Tools................................................................. 78


8.2    Tool Selection................................................................................................................. 79


8.2.1    Analyzing and Documenting Security Testing Needs................................................... 79


8.2.2    Issues with Open Source Tools................................................................................. 79


8.2.3    Evaluating a Tool Vendor’s Capabilities..................................................................... 80


9.    Standards and Industry Trends - 40 mins.............................................................................. 81


9.1    Understanding Security Testing Standards........................................................................ 82


9.1.1    The Benefits of Using Security Testing Standards...................................................... 82


9.1.2    Applicability of Standards in Regulatory Versus Contractual Situations....................... 82


9.1.3    Selection of Security Standards................................................................................ 82


9.2    Applying Security Standards............................................................................................ 82


9.3    Industry Trends............................................................................................................... 83


9.3.1    Where to Learn of Industry Trends in Information Security........................................... 83


9.3.2    Evaluating Security Testing Practices for Improvements............................................. 83


10.    References......................................................................................................................... 84




 

Total Reply 0

Total 1,270
Number Title Author Date Votes Views
Notice
CTFL (Certified Tester Foundation Level) Syllabus 4.0
admin | 2024.09.15 | Votes 0 | Views 8532251
admin 2024.09.15 0 8532251
Notice
ISTQB Foundation - Certified Tester (2018) : Official Sample Exam Set 2 with Answer (4)
Testersbest | 2019.06.21 | Votes 0 | Views 17634071
Testersbest 2019.06.21 0 17634071
Notice
ISTQB Foundation - Certified Tester (2018) : Official Sample Exam Set 1 with Answer (3)
Testersbest | 2019.06.21 | Votes 0 | Views 18340522
Testersbest 2019.06.21 0 18340522
Notice
ISTQB Foundation Certified Tester (2018) : New Exam Rule (1)
Testersbest | 2019.06.21 | Votes 0 | Views 18271046
Testersbest 2019.06.21 0 18271046
Notice
ISTQB Foundation - Certified Tester Syllabus (2018)
VTB | 2018.11.14 | Votes 0 | Views 18324459
VTB 2018.11.14 0 18324459
Notice
ISTQB Advanced Level Syllabus (2016) Security Tester
VTB | 2018.10.26 | Votes 0 | Views 18536803
VTB 2018.10.26 0 18536803
Notice
ISTQB Advanced Level Syllabus (2012) Technical Test Analyst
VTB | 2016.05.06 | Votes 0 | Views 18254568
VTB 2016.05.06 0 18254568
Notice
ISTQB Advanced Level Syllabus (2012) Test Manager
VTB | 2016.05.06 | Votes 0 | Views 18155692
VTB 2016.05.06 0 18155692
Notice
ISTQB Advanced Level Syllabus (2012) Test Analyst
VTB | 2016.05.06 | Votes 0 | Views 18127367
VTB 2016.05.06 0 18127367
Notice
ISTQB Glossary of Testing Terms Version:2.2
VTB | 2016.05.06 | Votes 0 | Views 18021520
VTB 2016.05.06 0 18021520
Notice
ISTQB Expert Level (CTEL) Syllabus -Test Management (3)
VTB | 2015.09.13 | Votes 0 | Views 17935066
VTB 2015.09.13 0 17935066
Notice
ISTQB Expert Level (CTEL) Syllabus - Improving the Testing Process (1)
VTB | 2015.09.13 | Votes 0 | Views 18466913
VTB 2015.09.13 0 18466913
Notice
ISTQB Foundation Level (CTFL) Syllabus 2011 (12)
VTB | 2014.10.11 | Votes 0 | Views 17925992
VTB 2014.10.11 0 17925992
1257
ISTQB Question and Answers (Advanced Level)
Steveskok | 2021.02.07 | Votes 0 | Views 17792064
Steveskok 2021.02.07 0 17792064
1256
ISTQB Certified Tester Foundation Level Syllabus Version 2018 V3.1
(TestExpert) | 2020.02.03 | Votes 0 | Views 17800641
(TestExpert) 2020.02.03 0 17800641
1255
ISTQB Advanced - Technical Test Analyst Sample Exam
ItSeTsQtB | 2019.08.08 | Votes 0 | Views 18682467
ItSeTsQtB 2019.08.08 0 18682467
1254
ISTQB Certification and Training Value
^Software^ | 2019.07.22 | Votes 0 | Views 18423142
^Software^ 2019.07.22 0 18423142
1253
ISTQB Foundation - Agile Tester (Sample Exam)
IT-Tester | 2019.07.08 | Votes 0 | Views 17772241
IT-Tester 2019.07.08 0 17772241
1252
ISTQB Advanced - Technical Test Analyst (Sample Exam)
IT-Tester | 2019.07.08 | Votes 0 | Views 18453382
IT-Tester 2019.07.08 0 18453382
1251
ISTQB Advanced - Test Analyst (Sample Exam) (1)
IT-Tester | 2019.07.08 | Votes 0 | Views 17724955
IT-Tester 2019.07.08 0 17724955
1250
Premium Question Paper 4 (3)
iknev | 2019.02.22 | Votes 0 | Views 18245849
iknev 2019.02.22 0 18245849
1249
Premium Question Paper 3 (6)
iknev | 2019.02.22 | Votes 0 | Views 18337571
iknev 2019.02.22 0 18337571
1248
Premium Question Paper 1 (2)
iknev | 2019.02.22 | Votes 0 | Views 18111480
iknev 2019.02.22 0 18111480
1247
ISTQB Question Bank_ Test Manager Sample Question Set 1
iknev | 2019.02.22 | Votes 0 | Views 18085212
iknev 2019.02.22 0 18085212
1246
ISTQB Certified Tester List (FULL)
VTB | 2018.10.31 | Votes 0 | Views 18630870
VTB 2018.10.31 0 18630870
1245
ISTQB Agile Exam (Auckland, NZ)
VTB | 2018.10.28 | Votes 0 | Views 18825967
VTB 2018.10.28 0 18825967
1244
ISTQB Foundation Exam (Auckland, NZ)
VTB | 2018.10.28 | Votes 0 | Views 17993689
VTB 2018.10.28 0 17993689
1243
ISTQB Foundation Course (Auckland, NZ)
VTB | 2018.10.28 | Votes 0 | Views 18308737
VTB 2018.10.28 0 18308737
1242
ISTQB Foundation Agile Course (Auckland, NZ)
VTB | 2018.10.28 | Votes 0 | Views 18244889
VTB 2018.10.28 0 18244889
1241
ISTQB Course + Internship (Auckland, NZ)
VTB | 2018.10.28 | Votes 0 | Views 18336085
VTB 2018.10.28 0 18336085
1240
ISTQB Expert - Improving the Test Process [Sample Exam & Answer] - ISTQB Official
VTB | 2018.10.26 | Votes 0 | Views 17847861
VTB 2018.10.26 0 17847861
1239
ISTQB Expert - Test Manager [Sample Exam & Answer] - ISTQB Official (1)
VTB | 2018.10.26 | Votes 0 | Views 18237017
VTB 2018.10.26 0 18237017
1238
ISTQB Advanced - Technical Test Analyst [Sample Exam & Answer] - ISTQB Official
VTB | 2018.10.26 | Votes 0 | Views 18251309
VTB 2018.10.26 0 18251309
1237
ISTQB Advanced - Test Analyst [Sample Exam & Answer] - ISTQB Official
VTB | 2018.10.26 | Votes 0 | Views 18975014
VTB 2018.10.26 0 18975014
1236
ISTQB Advanced - Test Manager [Sample Exam & Answer] - ISTQB Official (1)
VTB | 2018.10.26 | Votes 0 | Views 17879967
VTB 2018.10.26 0 17879967
1235
ISTQB Foundation - Model Based Tester [Sample Exam & Answers] - ISTQB Official
VTB | 2018.10.26 | Votes 0 | Views 18944268
VTB 2018.10.26 0 18944268
1234
ISTQB Foundation - Agile Tester [Sample Exam & Answer] - ISTQB Official
VTB | 2018.10.26 | Votes 0 | Views 18005233
VTB 2018.10.26 0 18005233
1233
ISTQB Foundation - Certified Tester [Sample Exam & Answer] - ISTQB Official (1)
VTB | 2018.10.26 | Votes 0 | Views 18013658
VTB 2018.10.26 0 18013658
1232
ISTQB Exam Tips and Tricks
VTB | 2018.10.16 | Votes 0 | Views 18230597
VTB 2018.10.16 0 18230597
1231
ISTQB Foundation Level Quiz 20 Questions (1)
aiitistqb | 2018.10.16 | Votes 0 | Views 19074969
aiitistqb 2018.10.16 0 19074969
1230
ISTQB Free Sample Exam and Answers
aiitistqb | 2018.10.16 | Votes 0 | Views 18526519
aiitistqb 2018.10.16 0 18526519
1229
ISTQB Foundation - Agile Extension Online Courses is live!!
VTB | 2018.10.16 | Votes 0 | Views 18163141
VTB 2018.10.16 0 18163141
1228
ISTQB Foundation Online Courses are Live!!
VTB | 2018.10.12 | Votes 0 | Views 18773677
VTB 2018.10.12 0 18773677
1227
ISTQB Foundation (Practice Exam)
VTB | 2018.10.12 | Votes 0 | Views 17908867
VTB 2018.10.12 0 17908867
1226
CTAL TM Questions (23)
ulissesmafra | 2018.10.09 | Votes 1 | Views 18357926
ulissesmafra 2018.10.09 1 18357926
1225
Syllabus 2012 (2)
ulissesmafra | 2018.10.09 | Votes 0 | Views 17865782
ulissesmafra 2018.10.09 0 17865782
1224
ISEB & ISTQB EXAM TIPS (3)
Sky Driver | 2018.09.24 | Votes 0 | Views 17900754
Sky Driver 2018.09.24 0 17900754
1223
Tips for clearing ISTQB Foundation Level Exam (1)
Sky Driver | 2018.09.24 | Votes 0 | Views 18677122
Sky Driver 2018.09.24 0 18677122
1222
Tips for passing the ISTQB Foundation Level exam – Do’s and Don’t’s
Sky Driver | 2018.09.24 | Votes 0 | Views 18876977
Sky Driver 2018.09.24 0 18876977
1221
Why do people fail the ISTQB Foundation Certificate? (1)
Sky Driver | 2018.09.24 | Votes 0 | Views 18208913
Sky Driver 2018.09.24 0 18208913
1220
ISTQB Foundation Mock Exam 2 (3)
peter_hey | 2018.09.19 | Votes 3 | Views 18689134
peter_hey 2018.09.19 3 18689134
1219
ISTQB Foundation Mock Exam 1 (3)
peter_hey | 2018.09.19 | Votes 0 | Views 17895938
peter_hey 2018.09.19 0 17895938
1218
What is ISTQB? (1)
master15 | 2018.09.19 | Votes 0 | Views 18204505
master15 2018.09.19 0 18204505
1217
Syllabus (2)
richp | 2018.09.18 | Votes 0 | Views 18776178
richp 2018.09.18 0 18776178
1216
Learning Objectives for ISTQB Advanced Level Technical Test Analyst Exam (1)
master15 | 2018.09.16 | Votes 0 | Views 17744697
master15 2018.09.16 0 17744697
1215
Software Testing Tools used by ISTQB certified Experts like Test Analysts and Technical Test Analysts (2)
master15 | 2018.09.16 | Votes 0 | Views 18933890
master15 2018.09.16 0 18933890
1214
What are the Advantages of ISTQB Certifications? (1)
master15 | 2018.09.13 | Votes 0 | Views 18591264
master15 2018.09.13 0 18591264
1213
How many Levels of Certification are provided by ISTQB? (1)
master15 | 2018.09.13 | Votes 0 | Views 18652162
master15 2018.09.13 0 18652162
1212
Syllabus CTAL-TTA - [BR] (1)
tcorteletti | 2018.09.09 | Votes 0 | Views 17705534
tcorteletti 2018.09.09 0 17705534
1211
Syllabus CTFL - [BR] (1)
tcorteletti | 2018.09.09 | Votes 0 | Views 18324148
tcorteletti 2018.09.09 0 18324148
1210
ISTQB Certification – Foundation Level syllabus
Sky Driver | 2018.09.05 | Votes 0 | Views 18226293
Sky Driver 2018.09.05 0 18226293
1209
Documents to be submitted at the time of registration of ISTQB Advanced Level (2)
Sky Driver | 2018.09.05 | Votes 0 | Views 18180753
Sky Driver 2018.09.05 0 18180753
1208
The prerequisites for applying for the ISTQB Advanced Level (1)
Sky Driver | 2018.09.05 | Votes 0 | Views 18287616
Sky Driver 2018.09.05 0 18287616