ISO/IEC 27034 Certified Lead Auditor

Become an expert in application security auditing according to ISO/IEC 27034.

Objective

The ISO/IEC 27034 Lead Auditor training enables you to acquire the expertise needed to perform application security audits by applying recognized audit principles, procedures and techniques. You will learn to plan and conduct application security audits, and to manage an audit program, an audit team, client communication and conflict resolution.

Specific objectives:

  • Explain the correlation between ISO/IEC 27034 and other standards and regulatory frameworks
  • Know how to lead an audit and an audit team

Prerequisites

  • None

General Information

  • Code: ISO/IEC 27034
  • Duration: 5 days
  • Schedule: 8:30 AM - 5:30 PM
  • Location: Training center, North Urban Center

Target audience

  • Anyone responsible for maintaining compliance with application security requirements
  • Auditors wishing to perform and lead application security audits

Resources

  • Course materials
  • 40% demonstration
  • 40% theory
  • 20% practical exercises

Training Program

  • Day 1: Introduction to application security and ISO/IEC 27034 standard
    • Training objectives and structure
    • Normative and regulatory frameworks
    • Validation process
    • Fundamental principles of application security
    • General overview of application security
  • Day 2: Principles, preparation and initiation of an application audit
    • Business risks facing application threats
    • Understanding and discovering vulnerabilities
    • Testing methods
    • Session management
    • Authentication and authorization issues
    • Tool specifications
  • Day 3: Application security audit activities
    • Best practices in application security
    • Code evaluation techniques
    • Information flow analysis
    • Data validation
    • Cryptography
    • Dynamic testing (fuzzing)
    • Defining quality gates/bug bar
    • Security and privacy risk analysis
  • Day 4: Closing the application audit
    • Verification of threat models/attack surface
    • Threat modeling
    • Enforcing forbidden functions
    • Static analysis
    • Intervention plan
    • Final security review
    • Auditor competence and evaluation
    • Training closure
  • Day 5: Exam
Do not hesitate to contact our experts for any additional information, or for a free assessment and quote for an audit service.

Information security is essential for any company that must protect and improve its information assets.