ISO/IEC 27034 Certified Lead Auditor


OBJECTIVE

The ISO/IEC 27034 Lead Auditor course provides the expertise to perform Application Security (AS) audits using generally accepted auditing principles, procedures, and techniques. During this training, you will gain the knowledge and skills to plan and perform application security audits. Through hands-on exercises, you will master auditing techniques and acquire the skills to manage an audit program, an audit team, client communication, and conflict resolution.

In particular, the objectives of the training are:

  • Explain the correlation between ISO/IEC 27034 and other standards and regulatory frameworks.
  • Know how to lead an audit and an audit team.

PREREQUISITES

• None

GENERAL INFORMATION

• Code: ISO/IEC 27034
• Duration: 5 days
• Schedule: 8:30 - 17:30
• Location: training center, Centre Urbain Nord

TARGETED AUDIENCE

• Anyone responsible for maintaining compliance with the organization's application security requirements
• Auditors wishing to conduct application security audits

RESOURCES

• Course materials
• 40% demonstration
• 40% theory
• 20% practical exercises

TRAINING PROGRAM

  • Day 1: Introduction to Application Security and ISO/IEC 27034
    • Objectives and structure of the training
    • Normative and regulatory frameworks
    • Validation process
    • Fundamentals of Application Security
    • Overview of application security

  • Day 2: Principles, preparation and triggering of an application security audit
    • Business Risks to Application Threats
    • Understand vulnerabilities
    • Discover the vulnerabilities
    • Test methods
    • Session Management
    • Authentication issues
    • Authorization issues
    • Specification of tools

  • Day 3: Application security audit activities
    • Best practices in application security
    • Code evaluation techniques
    • Analyze the flow of information across the entire application environment
    • Validation of data
    • Cryptography
    • Dynamic tests or random data tests (Fuzzing)
    • Define quality gates / bug bar
    • Analyze security and privacy risks

  • Day 4: Closing the Application Security Audit
    • Check the threat / attack surface models
    • Threat modeling
    • Enforcing the list of prohibited functions
    • Static Analysis
    • Intervention plan
    • Final Review of Security
    • Competence and assessment of auditors
    • Closing the training

  • Day 5: Passing the exam

Do not hesitate to contact our experts for additional information, a study, or a free quote for an audit service.