News about software testing, software testers and certification

 

2013 Issue #1

In this issue of "ISTQB Certification News," learn why security testing is increasingly important to our industry – and your career.

Articles in this issue:


Security Testing as an Expert Specialty

A Free ASTQB Webinar: “The New ISTQB Advanced Syllabus: A Career Ladder for Test Managers and Testers”

ISTQB Foundation E-Book Now Available

New Business Analyst Certification Soon Available

Reader Comment: “Good Stuff”

News and Offers from ASTQB Accredited Course Providers

See You at These Upcoming Events

 

Security Testing as an Expert Specialty

Randall Rice, CTAL
Leader of the ISTQB Expert Security Testing Working Group

Software testers are looking at a future with many challenges, but also opportunities. The role of testers is not just functional testing anymore. More and more organizations are looking for testers with skills in mobile testing, test automation, performance testing and security testing.
If you examine where technology seems to be heading, it’s all about mobile, the cloud and security.

Traditionally, many testers have stayed in the domain of functional testing. However, as technology changes, the clear trend is toward testers who have specialties.

To meet this need the ISTQB is developing expert level certifications in areas such as test automation, test process improvement, test management and security testing.

Why Security Testing as an Expert Level Certification?

In this article, I want to explore with you the need for the expert level security testing certification and what the certification includes.

There are many prominent security certifications available such as the Certified Information Systems Security Professional (CISSP) and Security+. There are also degree programs in Information Assurance and Security. One of the missing pieces, however, is a certification focused specifically on how to test the implementation of information security measures.

Many organizations have either outsourced the security testing effort, made it a small subset of functional testing, or have ignored it altogether. It is interesting that even with the availability of many security technologies, security and privacy breaches still occur. There is clearly work to be done to effectively protect digital assets. It is not just the security team’s job, or the test team’s job, or the vendor’s job – but it is everyone’s job.

Why Security Testing?

Much like quality, until individuals fully take to heart the need for privacy, there will still be lapses and breaches. For example, all the firewalls and encryption levels in the world are no match for the human with a username and password written on a sticky note!

Then there is the correct and effective implementation of security measures, which testing can verify and validate. Like airbags in the back seat of a vehicle, a security measure is useless if it is applied in the wrong areas of a system.

However, there are ways to test the effective implementation of technical security controls and the following of internal controls. These tests can be designed and performed by people who know the underlying principles and standards of information security.

Furthermore, more and more organizations are becoming subject to laws and regulations regarding security practices. While there are no regulations around the level of training needed to be a security tester, there are regulations in the DoD requiring certification of people working with secure networks and applications.

The ISTQB Expert Level Security Testing certification is a step toward providing a way to do that in the testing realm, for organizations that are required to show due diligence in information security.

The Outlook

Lessons learned indicate that the cyber attackers stay a step ahead of the security professionals. The threat of cyber terror is getting nothing but larger. With new technologies such as mobile and the cloud come many new security concerns.

Hardly a day goes by without security and privacy breaches in the news. Not only are these events becoming more common, they can be very expensive and erode a company’s reputation.

On January 31, Homeland Security Secretary Janet Napolitano called for the United States Congress to take action. "We shouldn't wait until there is a 9/11 in the cyber world," Napolitano told reporters. "There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."

This is not a threat just to the United States. These security threats extend to nearly every part of every country’s infrastructure, such as banking, energy and defense.

The team of writers for the ISTQB Expert Security Testing Syllabus is international, which gives a global perspective to the security testing processes covered.

What is an Expert?

The ISTQB sees an expert as “a person with the special skills and knowledge representing mastery of a particular testing subject. Being a testing expert means possessing and displaying special skills and knowledge derived from training and experience and being able to apply that knowledge in real-life situations.

A testing expert is one that combines a broad understanding of testing in general with an in-depth understanding in a special test area. An in-depth understanding means sufficient knowledge of testing theory and practice to be able to influence the direction that an organization and/or project takes when creating, implementing and executing testing activities related to the special area.”

Conclusion

The basis for good testing is a strong foundation of knowledge, which certification can help achieve. In specialty areas such as security testing, a deeper dive is needed to understand the details of what it takes to align security testing with organizational security requirements and to test the effective application of security measures.

Companies that take proactive steps toward better information security will build trust with their customers, while those who don’t will be in reaction mode after a security breach has occurred.

We believe that the ISTQB Expert Level Security Testing certification is a big step in the right direction of better information security, not only for building the knowledge of individual testers, but for the organizations that hire them.

Randall (Randy) W. Rice is a thought-leading author, speaker and consultant in the field of software testing and software quality. Rice, a Certified Quality Analyst (CSQA), Certified Software Tester - QAI (CSTE), Certified Tester - Foundation Level (CTFL - ASTQB), Certified Tester - Advanced Level (Full - Test Manager, Test Analyst, Technical Test Analyst) and a Fellow of the Life Office Management Association (FLMI), has worked with organizations worldwide to improve the quality of their information systems and optimize their testing processes. You can contact him at http://riceconsulting.com.

 

A Free ASTQB Webinar: “The New ISTQB Advanced Syllabus: A Career Ladder for Test Managers and Testers”

Monday, March 11, 3:00 p.m. ET

The International Software Testing Qualification Board (ISTQB) has already effected profound change in the software testing field, with over 250,000 people having attained Foundation certification. But a Foundation certification is just that: only a Foundation. The ISTQB Advanced program is achieving great success, with tens of thousands of people getting one or more of the Advanced certifications. Now the ISTQB has made that program even better, releasing a new, more streamlined, more market-friendly version of the Advanced syllabus in October 2012. In this webinar, Rex Black, co-author of the new Advanced syllabus, will explain what’s new and what’s great about the ISTQB Advanced syllabus, and how it can guide you, your testing colleagues, and your organization toward better testing, reduced risk, and higher quality.

Rex Black

About the Speaker: With 30 years of software and systems engineering experience, Rex Black, CTAL is President of RBCS (www.rbcs-us.com), a leader in software, hardware, and systems testing. Rex is the past President of the International Software Testing Qualifications Board (ISTQB) and of the American Software Testing Qualifications Board (ASTQB).  His popular first book, Managing the Testing Process, has sold over 50,000 copies around the world and is now in its third edition. He is the author of ten other books on testing, as well as more than forty articles. Rex is a popular speaker at conferences and events around the world.

Register now for this free webinar

 

ISTQB Foundation E-Book Now Available

Do you prefer EPUB or MOBI formats instead of PDF? We are excited to announce the ISTQB Foundation Level Certification Syllabus is now available in EPUB and MOBI formats, as well as PDF format. Get them on the ASTQB website. The Advanced version will also soon be available in these formats.

 

New Business Analyst Certification Soon Available

ASTQB has agreed on cooperation with the International Business Analyst Qualifications Board (IBAQB) and the Requirements Engineering Qualifications Board (REQB). The ASTQB will be the national IBAQB and REQB board in the U.S., and ASTQB will be the single point of contact for IBAQB and REQB exams and accreditations in America.

Judy McKay, president of the ASTQB, said, “Business Analysis and Requirements Engineering are becoming more and more important in the US. We are seeing a significant overlap in the duties of business analysts and software testers. Improving the foundational business analysis knowledge for both groups is important for the production and maintenance of quality software. IBAQB and REQB target the needs of these groups and allow the ASTQB to address this growing market demand.”

Learn more about the IBAQB business analyst certification

 

Reader Comment: “Good Stuff”

Editor's note:  We enjoy receiving insightful comments from our readers.  The following comment was in response to the article, “Ask the Instructor FAQ,” in which longtime software testing instructor Ed Weller wrote about the lack of development managers and developers in the Foundation Level classes.

“Good stuff. Having spent a decade plus in QA doing automated regression testing, I can tell you absolutely that the ball gets dropped on the development side of the quality equation all of the time. Rework accounts for a huge amount of the cost. Routinely you have to fight the 'throw it over the wall' mentality, even with seasoned developers that should know better. This leads me to believe that testing certification and education should be company wide including tech writers, marketing, executive staff and anyone else involved in production and distribution of software. In order to truly get a handle on quality improvement, all parties need to know where the bottlenecks and problems actually exist. If I were running a software company, the course I took in preparation for the Foundation level exam would be a requirement for all, especially executive management. Without an understanding of how it all works and fits together, management is easily deceived.” - Dave Hastings

 

News and Offers from ASTQB Accredited Course Providers

Rice Consulting Services: Rice Consulting Services is offering a special bonus on Foundation Level e-learning team pricing. Enroll five or more people in pre-recorded e-learning CTFL training and get one extra registration free, including exams and textbooks. Use code "ASTQB2013" at www.mysoftwaretesting.com when purchasing the 5-person enrollment.

RBCS: RBCS has all three ISTQB Advanced Level courses accredited and on the 2013 schedule!  Register for any ISTQB Advanced Level Public course in 2013 and receive a 15% discount on total tuition.  Enter code April19ADV in the promo code field in your cart.  Discount will be reflected on final receipt.  Offer expires April 19, 2013. http://www.rbcs-us.com

ALP International (ALPI): Exclusive offer to ASTQB Newsletter readers: Sign-up for ALPI’s ISTQB Certification Training class, April 22-24, 2013, and receive a 20% discount toward any HP Test Tools class (QuickTest Pro, Quality Center, LoadRunner). NEW for 2013: ISTQB Advanced Level Certification Training (Test Manager, Test Analyst, Technical Test Analyst). Contact our Training & Education team at training@alpi.com or 301-654-9200 ext. 403.

SQE Training: SQE Training – Spring into Savings with our eSoftware Tester Certification—Foundation Level course offer and get half off a second eLearning registration using promo code SPRING. Offer expires March 31, 2013. Click here for details. Prefer traditional classroom training? Check out our over 40 public Software Tester Certification—Foundation Level classes here.

ASPE-SDLC: Save 20% on Agile Testing Training. Transition sound traditional test practices into an Agile development environment. Just enough, just in time, with responsive high-level quality. ASTQB certified individuals save 20% with code ASTQB20. You will learn how traditional test practices impede the speed of software delivery and how an Agile testing approach enhances delivery speed and improves quality. Learning the goals of Agile will help you transition, implement and monitor testing in an Agile testing environment.

 

See You at These Upcoming Events

If you are headed to any of these upcoming events, be sure to stop by and say hello to the ASTQB staff and volunteers!

  • STAREAST, May 1-2.  Save up to $600 off your conference registration using the discount code ATEV by March 1st.
  • Software Test Professionals Conference (STP Con), April 22-25. Register by March 1st to save up to $500.00 (no code required).

 

What Would You Like to Learn About?
As always, we welcome your feedback and criticism. Let us know what we can do to help make you and your company better at software testing at info@astqb.org.

About ISTQB Certification News
ISTQB Certification News is a free software testing newsletter from ASTQB providing news, analysis, and interviews for the software tester community. Feel free to forward to colleagues or ask them to subscribe at: <http://www.astqb.org/sections/newsletter.php>

Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Publication, product, and company names may be registered trademarks of their companies.

Copyright 2013 American Software Testing Qualifications Board, Inc. (ASTQB) 12000 N. Dale Mabry Hwy., Suite 110 Tampa, FL 33618 USA Phone 813.319.0890 Fax 813.968.3597 info@astqb.org www.astqb.org
