Security Testing Orchestration
Seamlessly integrate security scanners and orchestrate tests anywhere across your build pipelines. Enable developers to rapidly remediate vulnerabilities through intelligent prioritization and deduplication.
Certifications
- For Developers
- For Administrators
- For Architects
Prepare for the Exam
Get Certified | Harness Expert
Security Testing Orchestration - Developer
Product version: Security Testing Orchestration Free/Team PlansReview Study Guide
Assesses the fundamental skills to deploy your applications with STO projects.
| Objective | Material |
|---|---|
| 1. Introduction to Harness Security Testing Orchestration | |
| Explain the importance of security testing in modern software development. | Harness Security Testing Orchestration (STO) Overview |
| Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. | Common Scanning Problems |
| 2. Setting up the Environment | |
| Install and configure Harness Security Testing Orchestration on a local development environment. | Onboarding Guide |
| Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. | Set up a build infrastructure for STO |
| 3. Creating Test Plans | |
| Create a basic security test plan using Harness Security Testing Orchestration. | Create a base pipeline for STO |
| Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. | Targets, baselines, and variants in STO |
| 4. Test Automation | |
| Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. | Orchestrate scans and ingest data |
| Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. | Ingest scan results from unsupported scanners into Harness STO |
| 5. Test Execution and Reporting | |
| Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. | Create a base pipeline for STO |
| Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. | View and troubleshoot vulnerabilities |
| 6. Integration and Extensibility | |
| Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. | Run an Orchestrated scan in an STO Pipeline |
| Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. | |
| 7. Security Best Practices | |
| Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. | STO Key Concepts |
| Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. | STO setup procedures |
| 8. Compliance and Regulations | |
| Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. | Set up target baselines in STO |
| Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. | Use governance policies and security scan results to stop STO pipelines automatically |
| 9. Troubleshooting and Debugging | |
| Identify and resolve common issues and errors in security testing, including problems related to integration and automation. | Discover and remediate issues in an STO scan |
| Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. | Discover and remediate issues in an STO scan |
| 10. Performance Optimization | |
| Optimize security testing processes for efficiency and speed within the CI/CD pipeline. | STO Troubleshooting Guide |
| Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. | STO ingestion workflows |
Exam Details
The Security Testing Orchestration(STO) Developer exam tests your knowledge and skills of the Harness Security Testing Orchestration module.
Prerequisites
- Basic terminal skills
- Basic understanding of on-premise or cloud architecture
Exam Details
| Exam Type | Duration |
|---|---|
| Knowledge Exam | 90 minutes |
| Covered Domain | Coverage |
|---|---|
| Introduction to Harness Security Testing Orchestration | 10% |
| Setting up the Environment | 10% |
| Creating Test Plans | 10% |
| Test Automation | 15% |
| Test Execution and Reporting | 15% |
| Integration and Extensibility | 10% |
| Security Best Practices | 10% |
| Compliance and Regulations | 5% |
| Troubleshooting and Debugging | 10% |
| Performance Optimization | 5% |
Exam Objectives
List of Objectives
The following is a detailed list of exam objectives:
| # | Objective |
|---|---|
| 1 | Introduction to Harness Security Testing Orchestration |
| 1.1 | Explain the importance of security testing in modern software development. |
| 1.2 | Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. |
| 2 | Setting up the Environment |
| 2.1 | Install and configure Harness Security Testing Orchestration on a local development environment. |
| 2.2 | Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. |
| 3 | Creating Test Plans |
| 3.1 | Create a basic security test plan using Harness Security Testing Orchestration. |
| 3.2 | Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. |
| 4 | Test Automation |
| 4.1 | Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. |
| 4.2 | Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. |
| 5 | Test Execution and Reporting |
| 5.1 | Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. |
| 5.2 | Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. |
| 6 | Integration and Extensibility |
| 6.1 | Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. |
| 6.2 | Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. |
| 7 | Security Best Practices |
| 7.1 | Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. |
| 7.2 | Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. |
| 8 | Compliance and Regulations |
| 8.1 | Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. |
| 8.2 | Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. |
| 9 | Troubleshooting and Debugging |
| 9.1 | Identify and resolve common issues and errors in security testing, including problems related to integration and automation. |
| 9.2 | Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. |
| 10 | Performance Optimization |
| 10.1 | Optimize security testing processes for efficiency and speed within the CI/CD pipeline. |
| 10.2 | Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. |
Next Steps
The Security Testing Orchestration Developer exam can start immediately after registering. Please allow up to 90 mins to complete the knowledge exam.
- Create an account in Harness University
- Review the Study Guide above.
- Register for an exam.
- Take the exam.
Prepare for the Exam
Get Certified | Harness Expert
Security Testing Orchestration - Administrator
Product version: Security Testing Orchestration Enterprise PlanReview Study Guide
Assesses the fundamental skills to deploy and maintain STO Engineering projects and the overall Harness Platform. This exam builds upon the STO Developer Certification.
| Topic | Material |
|---|---|
| 1. Harness Security Testing Overview | |
| Understand the core principles and concepts of Harness Security Testing Orchestration. | Harness Security Testing Orchestration (STO) Overview |
| Explain the importance of security testing in the software development lifecycle. | Harness Security Testing Orchestration (STO) Overview |
| Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness. | What's supported in Harness STO |
| 2. Setting Up Harness Security Testing Environment | |
| Install and configure Harness Security Testing Orchestration in a lab or testing environment. | Onboarding Guide for STO |
| Integrate Harness with popular security testing tools and platforms. | Orchestrate scans and ingest data |
| Create and manage user accounts and permissions for Harness Security Testing. | Managing Users and Groups (RBAC) |
| 3. Creating Security Testing Pipelines | |
| Define security testing workflows within Harness, including pre-test and post-test actions. | Orchestrate scans and ingest data |
| Configure pipeline triggers and conditions for automated security testing. | Trigger automated scans using GitLab merge requests |
| Establish notification and alerting mechanisms for test results. | Generate automated emails for detected issues in STO |
| 4. Managing Test Artifacts | |
| Upload and manage security test artifacts, including source code, binaries, and test data. | Orchestrate scans and ingest data |
| Implement version control and artifact tagging strategies within Harness. | CD artifact sources |
| Optimize storage and resource utilization for test artifacts. | Optimize STO pipelines |
| 5. Automated Security Test Execution | |
| Execute automated security tests using various testing tools and frameworks through Harness. | Orchestrate scans and ingest data |
| Schedule and orchestrate recurring security test runs. | Run an Orchestrated scan in an STO Pipeline |
| Monitor and analyze test execution results and log data. | Navigate and drill down into detected issues in the Security Testing Dashboard |
| 6. Security Test Reporting and Analysis | |
| Generate comprehensive security test reports and dashboards. | Navigate and drill down into detected issues in the Security Testing Dashboard |
| Analyze test results to identify vulnerabilities and security issues. | View issues in target baselines over time in the Security Testing Overview |
| Provide recommendations for remediation based on test findings. | Fix security issues using AI-enhanced remediation steps in STO |
| 7. Integration with CI/CD | |
| Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines. | Create a base pipeline for STO |
| Ensure seamless automation and feedback loops between development and security teams. | Use looping strategies |
| Implement version control and artifact tagging strategies within Harness. | Tags Reference |
| 8. Security Testing Best Practices | |
| Demonstrate an understanding of industry best practices in security testing. | Targets, baselines, and variants in STO |
| Apply secure coding principles and techniques to reduce vulnerabilities. | Targets, baselines, and variants in STO |
| Stay updated with the latest security threats and vulnerabilities relevant to software development. | Severity scores and levels in STO |
| 9. Security Compliance and Governance | |
| Implement security compliance policies and standards within Harness Security Testing. | Severity scores and levels in STO |
| Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes. | Use governance policies and security scan results to stop STO pipelines automatically |
| Perform security risk assessments and provide recommendations for risk mitigation. | Discover and remediate issues in Security Tests |
Exam Details
The Security Testing Orchestration Administrator exam tests your knowledge and skills of the Harness Security Testing Orchestration module.
Prerequisites
- Intermediate terminal skills
- Basic understanding of on-premise or cloud architecture
- This exam builds upon the Security Testing Orchestration Developer Exam
Exam Details
| Exam Type | Duration |
|---|---|
| Knowledge Exam | 90 minutes |
| Hands On Exam | 120 minutes |
| Covered Domain | % of Coverage |
|---|---|
| 1. Harness Security Testing Overview | 16% |
| 2. Setting Up Harness Security Testing Environment | 15% |
| 3. Creating Security Testing Pipelines | 14% |
| 4. Managing Test Artifacts | 11% |
| 5. Automated Security Test Execution | 13% |
| 6. Security Test Reporting and Analysis | 10% |
| 7. Integration with CI/CD | 9% |
| 8. Security Testing Best Practices | 6% |
| 9. Security Compliance and Governance | 6% |
Exam Objectives
List of Objectives
The following is a detailed list of exam objectives:
| # | Objective |
|---|---|
| 1 | Harness Security Testing Overview |
| 1.1 | Understand the core principles and concepts of Harness Security Testing Orchestration. |
| 1.2 | Explain the importance of security testing in the software development lifecycle. |
| 1.3 | Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness. |
| 2 | Setting Up Harness Security Testing Environment |
| 2.1 | Install and configure Harness Security Testing Orchestration in a lab or testing environment. |
| 2.2 | Integrate Harness with popular security testing tools and platforms. |
| 2.3 | Create and manage user accounts and permissions for Harness Security Testing. |
| 3 | Creating Security Testing Pipelines |
| 3.1 | Define security testing workflows within Harness, including pre-test and post-test actions. |
| 3.2 | Configure pipeline triggers and conditions for automated security testing. |
| 3.3 | Establish notification and alerting mechanisms for test results. |
| 4 | Managing Test Artifacts |
| 4.1 | Upload and manage security test artifacts, including source code, binaries, and test data. |
| 4.2 | Implement version control and artifact tagging strategies within Harness. |
| 4.3 | Optimize storage and resource utilization for test artifacts. |
| 5 | Automated Security Test Execution |
| 5.1 | Execute automated security tests using various testing tools and frameworks through Harness. |
| 5.2 | Schedule and orchestrate recurring security test runs. |
| 5.3 | Monitor and analyze test execution results and log data. |
| 6 | Security Test Reporting and Analysis |
| 6.1 | Generate comprehensive security test reports and dashboards. |
| 6.2 | Analyze test results to identify vulnerabilities and security issues. |
| 6.3 | Provide recommendations for remediation based on test findings. |
| 7 | Integration with CI/CD |
| 7.1 | Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines. |
| 7.2 | Ensure seamless automation and feedback loops between development and security teams. |
| 7.3 | Implement version control and artifact tagging strategies within Harness. |
| 8 | Security Testing Best Practices |
| 8.1 | Demonstrate an understanding of industry best practices in security testing. |
| 8.2 | Apply secure coding principles and techniques to reduce vulnerabilities. |
| 8.3 | Stay updated with the latest security threats and vulnerabilities relevant to software development. |
| 9 | Security Compliance and Governance |
| 9.1 | Implement security compliance policies and standards within Harness Security Testing. |
| 9.2 | Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes. |
| 9.3 | Perform security risk assessments and provide recommendations for risk mitigation. |
Next Steps
The Security Testing Orchestration Administrator exam can start immediately after registering. Please allow 90 mins for the knowledge exam and approximately 120 minutes for the hands on exam.
- Create an account in Harness University
- Register for an exam. There is a $50 fee for the exam
- Review the instructions for the Hands On Exam
- Take the exams
- There will be a knowledge and hands on portion.
Prepare for the Exam
Get Certified | Harness Expert
Security Testing Orchestration - Architect (BETA COMING SOON)
Product version: Security Testing Orchestration Enterprise PlanComing Soon...
Assess key technical job functions and advanced skills in design, implementation and management of STO.