Security Testing Orchestration Certifications
Seamlessly integrate security scanners and orchestrate tests anywhere across your build pipelines. Enable developers to rapidly remediate vulnerabilities through intelligent prioritization and deduplication.
Prepare for the Exam
Get Certified | Harness Expert
Security Testing Orchestration - Developer (BETA COMING SOON)
Review Study Guide (BETA)
Assesses the fundamental skills to deploy your applications with STO projects.
Objective | Material |
---|---|
1. Introduction to Harness Security Testing Orchestration | |
Explain the importance of security testing in modern software development. | Harness Security Testing Orchestration (STO) Overview |
Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. | Common Scanning Problems |
2. Setting up the Environment | |
Install and configure Harness Security Testing Orchestration on a local development environment. | Onboarding Guide |
Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. | Set up a build infrastructure for STO |
3. Creating Test Plans | |
Create a basic security test plan using Harness Security Testing Orchestration. | Create a base pipeline for STO |
Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. | Targets, baselines, and variants in STO |
4. Test Automation | |
Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. | Orchestrate scans and ingest data |
Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. | Ingest scan results from unsupported scanners into Harness STO |
5. Test Execution and Reporting | |
Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. | Create a base pipeline for STO |
Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. | View and troubleshoot vulnerabilities |
6. Integration and Extensibility | |
Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. | Run an Orchestrated scan in an STO Pipeline |
Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. | Create an integrated STO/CI pipeline |
7. Security Best Practices | |
Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. | STO Key Concepts |
Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. | STO setup procedures |
8. Compliance and Regulations | |
Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. | Set up target baselines in STO |
Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. | Use governance policies and security scan results to stop STO pipelines automatically |
9. Troubleshooting and Debugging | |
Identify and resolve common issues and errors in security testing, including problems related to integration and automation. | Discover and remediate issues in an STO scan |
Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. | Discover and remediate issues in an STO scan |
10. Performance Optimization | |
Optimize security testing processes for efficiency and speed within the CI/CD pipeline. | STO Troubleshooting Guide |
Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. | STO ingestion workflows |
Exam Details (BETA)
The Security Testing Orchestration (STO) Developer exam tests your knowledge of, and skills with, the Harness Security Testing Orchestration module.
Prerequisites
- Basic terminal skills
- Basic understanding of on-premise or cloud architecture
Exam Details
Exam Type | Duration |
---|---|
Knowledge Exam | 90 minutes |
Covered Domain | Coverage |
---|---|
Introduction to Harness Security Testing Orchestration | 10% |
Setting up the Environment | 10% |
Creating Test Plans | 10% |
Test Automation | 15% |
Test Execution and Reporting | 15% |
Integration and Extensibility | 10% |
Security Best Practices | 10% |
Compliance and Regulations | 5% |
Troubleshooting and Debugging | 10% |
Performance Optimization | 5% |
Exam Objectives
List of Objectives
The following is a detailed list of exam objectives:
# | Objective |
---|---|
1 | Introduction to Harness Security Testing Orchestration |
1.1 | Explain the importance of security testing in modern software development. |
1.2 | Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. |
2 | Setting up the Environment |
2.1 | Install and configure Harness Security Testing Orchestration on a local development environment. |
2.2 | Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. |
3 | Creating Test Plans |
3.1 | Create a basic security test plan using Harness Security Testing Orchestration. |
3.2 | Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. |
4 | Test Automation |
4.1 | Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. |
4.2 | Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. |
5 | Test Execution and Reporting |
5.1 | Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. |
5.2 | Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. |
6 | Integration and Extensibility |
6.1 | Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. |
6.2 | Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. |
7 | Security Best Practices |
7.1 | Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. |
7.2 | Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. |
8 | Compliance and Regulations |
8.1 | Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. |
8.2 | Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. |
9 | Troubleshooting and Debugging |
9.1 | Identify and resolve common issues and errors in security testing, including problems related to integration and automation. |
9.2 | Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. |
10 | Performance Optimization |
10.1 | Optimize security testing processes for efficiency and speed within the CI/CD pipeline. |
10.2 | Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. |
Next Steps
The Security Testing Orchestration Developer exam can start immediately after registering. Please allow up to 90 minutes to complete the knowledge exam.
- Create an account in Harness University
- Review the Study Guide above.
- Register for an exam.
- Take the exam.
Security Testing Orchestration - Administrator (BETA COMING SOON)
Coming Soon...
Assesses the fundamental skills to deploy and maintain STO projects and the overall Harness Platform.
Security Testing Orchestration - Architect (BETA COMING SOON)
Coming Soon...
Assesses key technical job functions and advanced skills in the design, implementation, and management of STO.