Skip to main content

Security Testing Orchestration

Seamlessly integrate security scanners and orchestrate tests anywhere across your build pipelines. Enable developers to rapidly remediate vulnerabilities through intelligent prioritization and deduplication.
Harness Certified Expert - DeveloperHarness Certified Expert - AdministratorHarness Certified Expert - Architect

Certifications

  • For Developers
  • For Administrators
  • For Architects

Prepare for the Exam

Get Certified | Harness Expert

Security Testing Orchestration - Developer

Harness Certified Expert - STO Engineering DeveloperProduct version: Harness STO Free/Team Plans

Review Study Guide

Assesses the fundamental skills to deploy your applications with STO projects.
ObjectiveMaterial
1. Introduction to Harness Security Testing Orchestration
Explain the importance of security testing in modern software development.Harness Security Testing Orchestration (STO) Overview
Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance.Common Scanning Problems
2. Setting up the Environment
Install and configure Harness Security Testing Orchestration on a local development environment.Onboarding Guide
Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning.Set up a build infrastructure for STO
3. Creating Test Plans
Create a basic security test plan using Harness Security Testing Orchestration.Create a base pipeline for STO
Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays.Targets, baselines, and variants in STO
4. Test Automation
Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities.Orchestrate scans and ingest data
Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities.Ingest scan results from unsupported scanners into Harness STO
5. Test Execution and Reporting
Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release.Create a base pipeline for STO
Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process.View and troubleshoot vulnerabilities
6. Integration and Extensibility
Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance.Run an Orchestrated scan in an STO Pipeline
Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts.
7. Security Best Practices
Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process.STO Key Concepts
Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility.STO setup procedures
8. Compliance and Regulations
Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing.Set up target baselines in STO
Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance.Use governance policies and security scan results to stop STO pipelines automatically
9. Troubleshooting and Debugging
Identify and resolve common issues and errors in security testing, including problems related to integration and automation.Discover and remediate issues in an STO scan
Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline.Discover and remediate issues in an STO scan
10. Performance Optimization
Optimize security testing processes for efficiency and speed within the CI/CD pipeline.STO Troubleshooting Guide
Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification.STO ingestion workflows

Exam Details

The Security Testing Orchestration(STO) Developer exam tests your knowledge and skills of the Harness Security Testing Orchestration module.

Prerequisites

  • Basic terminal skills
  • Basic understanding of on-premise or cloud architecture

Exam Details

Exam TypeDuration
Knowledge Exam90 minutes
Covered DomainCoverage
Introduction to Harness Security Testing Orchestration10%
Setting up the Environment10%
Creating Test Plans10%
Test Automation15%
Test Execution and Reporting15%
Integration and Extensibility10%
Security Best Practices10%
Compliance and Regulations5%
Troubleshooting and Debugging10%
Performance Optimization5%

Exam Objectives

List of Objectives

The following is a detailed list of exam objectives:

#Objective
1Introduction to Harness Security Testing Orchestration
1.1Explain the importance of security testing in modern software development.
1.2Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance.
2Setting up the Environment
2.1Install and configure Harness Security Testing Orchestration on a local development environment.
2.2Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning.
3Creating Test Plans
3.1Create a basic security test plan using Harness Security Testing Orchestration.
3.2Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays.
4Test Automation
4.1Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities.
4.2Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities.
5Test Execution and Reporting
5.1Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release.
5.2Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process.
6Integration and Extensibility
6.1Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance.
6.2Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts.
7Security Best Practices
7.1Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process.
7.2Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility.
8Compliance and Regulations
8.1Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing.
8.2Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance.
9Troubleshooting and Debugging
9.1Identify and resolve common issues and errors in security testing, including problems related to integration and automation.
9.2Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline.
10Performance Optimization
10.1Optimize security testing processes for efficiency and speed within the CI/CD pipeline.
10.2Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification.

Next Steps

The Security Testing Orchestration Developer exam can start immediately after registering. Please allow up to 90 mins to complete the knowledge exam.

  1. Create an account in Harness University
  2. Review the Study Guide above.
  3. Register for an exam.
  4. Take the exam.

Prepare for the Exam

Get Certified | Harness Expert

Security Testing Orchestration - Administrator

Harness Certified Expert - STO AdministratorProduct version: Harness STO Enterprise Plan

Review Study Guide

Assesses the fundamental skills to deploy and maintain STO Engineering projects and the overall Harness Platform. This exam builds upon the STO Developer Certification.
TopicMaterial
1. Harness Security Testing Overview
Understand the core principles and concepts of Harness Security Testing Orchestration.Harness Security Testing Orchestration (STO) Overview
Explain the importance of security testing in the software development lifecycle.Harness Security Testing Orchestration (STO) Overview
Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness.What's supported in Harness STO
2. Setting Up Harness Security Testing Environment
Install and configure Harness Security Testing Orchestration in a lab or testing environment.Onboarding Guide for STO
Integrate Harness with popular security testing tools and platforms.Orchestrate scans and ingest data
Create and manage user accounts and permissions for Harness Security Testing.Managing Users and Groups (RBAC)
3. Creating Security Testing Pipelines
Define security testing workflows within Harness, including pre-test and post-test actions.Orchestrate scans and ingest data
Configure pipeline triggers and conditions for automated security testing.Trigger automated scans using GitLab merge requests
Establish notification and alerting mechanisms for test results.Generate automated emails for detected issues in STO
4. Managing Test Artifacts
Upload and manage security test artifacts, including source code, binaries, and test data.Orchestrate scans and ingest data
Implement version control and artifact tagging strategies within Harness.CD artifact sources
Optimize storage and resource utilization for test artifacts.Optimize STO pipelines
5. Automated Security Test Execution
Execute automated security tests using various testing tools and frameworks through Harness.Orchestrate scans and ingest data
Schedule and orchestrate recurring security test runs.Run an Orchestrated scan in an STO Pipeline
Monitor and analyze test execution results and log data.Navigate and drill down into detected issues in the Security Testing Dashboard
6. Security Test Reporting and Analysis
Generate comprehensive security test reports and dashboards.Navigate and drill down into detected issues in the Security Testing Dashboard
Analyze test results to identify vulnerabilities and security issues.View issues in target baselines over time in the Security Testing Overview
Provide recommendations for remediation based on test findings.Fix security issues using AI-enhanced remediation steps in STO
7. Integration with CI/CD
Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines.Create a base pipeline for STO
Ensure seamless automation and feedback loops between development and security teams.Use looping strategies
Implement version control and artifact tagging strategies within Harness.Tags Reference
8. Security Testing Best Practices
Demonstrate an understanding of industry best practices in security testing.Targets, baselines, and variants in STO
Apply secure coding principles and techniques to reduce vulnerabilities.Targets, baselines, and variants in STO
Stay updated with the latest security threats and vulnerabilities relevant to software development.Severity scores and levels in STO
9. Security Compliance and Governance
Implement security compliance policies and standards within Harness Security Testing.Severity scores and levels in STO
Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes.Use governance policies and security scan results to stop STO pipelines automatically
Perform security risk assessments and provide recommendations for risk mitigation.Discover and remediate issues in Security Tests

Exam Details

The Security Testing Orchestration Administrator exam tests your knowledge and skills of the Harness Security Testing Orchestration module.

Prerequisites

Exam Details

Exam TypeDuration
Knowledge Exam90 minutes
Hands On Exam120 minutes
Covered Domain% of Coverage
1. Harness Security Testing Overview16%
2. Setting Up Harness Security Testing Environment15%
3. Creating Security Testing Pipelines14%
4. Managing Test Artifacts11%
5. Automated Security Test Execution13%
6. Security Test Reporting and Analysis10%
7. Integration with CI/CD9%
8. Security Testing Best Practices6%
9. Security Compliance and Governance6%

Exam Objectives

List of Objectives

The following is a detailed list of exam objectives:

#Objective
1Harness Security Testing Overview
1.1Understand the core principles and concepts of Harness Security Testing Orchestration.
1.2Explain the importance of security testing in the software development lifecycle.
1.3Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness.
2Setting Up Harness Security Testing Environment
2.1Install and configure Harness Security Testing Orchestration in a lab or testing environment.
2.2Integrate Harness with popular security testing tools and platforms.
2.3Create and manage user accounts and permissions for Harness Security Testing.
3Creating Security Testing Pipelines
3.1Define security testing workflows within Harness, including pre-test and post-test actions.
3.2Configure pipeline triggers and conditions for automated security testing.
3.3Establish notification and alerting mechanisms for test results.
4Managing Test Artifacts
4.1Upload and manage security test artifacts, including source code, binaries, and test data.
4.2Implement version control and artifact tagging strategies within Harness.
4.3Optimize storage and resource utilization for test artifacts.
5Automated Security Test Execution
5.1Execute automated security tests using various testing tools and frameworks through Harness.
5.2Schedule and orchestrate recurring security test runs.
5.3Monitor and analyze test execution results and log data.
6Security Test Reporting and Analysis
6.1Generate comprehensive security test reports and dashboards.
6.2Analyze test results to identify vulnerabilities and security issues.
6.3Provide recommendations for remediation based on test findings.
7Integration with CI/CD
7.1Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines.
7.2Ensure seamless automation and feedback loops between development and security teams.
7.3Implement version control and artifact tagging strategies within Harness.
8Security Testing Best Practices
8.1Demonstrate an understanding of industry best practices in security testing.
8.2Apply secure coding principles and techniques to reduce vulnerabilities.
8.3Stay updated with the latest security threats and vulnerabilities relevant to software development.
9Security Compliance and Governance
9.1Implement security compliance policies and standards within Harness Security Testing.
9.2Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes.
9.3Perform security risk assessments and provide recommendations for risk mitigation.

Next Steps

The Security Testing Orchestration Administrator exam can start immediately after registering. Please allow 90 mins for the knowledge exam and approximately 120 minutes for the hands on exam.

  1. Create an account in Harness University
  2. Register for an exam. There is a $50 fee for the exam
  3. Review the instructions for the Hands On Exam
  4. Take the exams
    1. There will be a knowledge and hands on portion.

Prepare for the Exam

Get Certified | Harness Expert

Security Testing Orchestration - Architect (BETA COMING SOON)

Harness Certified Expert - STO ArchitectProduct version: Harness STO Enterprise Plan

Coming Soon...

Assess key technical job functions and advanced skills in design, implementation and management of STO.