Security Testing Orchestration
Seamlessly integrate security scanners and orchestrate tests anywhere across your build pipelines. Enable developers to rapidly remediate vulnerabilities through intelligent prioritization and deduplication.
Certifications
- For Developers
- For Administrators
- For Architects
Prepare for the Exam
Get Certified | Harness Expert
Security Testing Orchestration - Developer
Review Study Guide
Assesses the fundamental skills to deploy your applications with STO projects.
Objective | Material |
---|---|
1. Introduction to Harness Security Testing Orchestration | |
Explain the importance of security testing in modern software development. | Harness Security Testing Orchestration (STO) Overview |
Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. | Common Scanning Problems |
2. Setting up the Environment | |
Install and configure Harness Security Testing Orchestration on a local development environment. | Onboarding Guide |
Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. | Set up a build infrastructure for STO |
3. Creating Test Plans | |
Create a basic security test plan using Harness Security Testing Orchestration. | Create a base pipeline for STO |
Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. | Targets, baselines, and variants in STO |
4. Test Automation | |
Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. | Orchestrate scans and ingest data |
Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. | Ingest scan results from unsupported scanners into Harness STO |
5. Test Execution and Reporting | |
Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. | Create a base pipeline for STO |
Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. | View and troubleshoot vulnerabilities |
6. Integration and Extensibility | |
Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. | Run an Orchestrated scan in an STO Pipeline |
Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. | |
7. Security Best Practices | |
Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. | STO Key Concepts |
Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. | STO setup procedures |
8. Compliance and Regulations | |
Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. | Set up target baselines in STO |
Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. | Use governance policies and security scan results to stop STO pipelines automatically |
9. Troubleshooting and Debugging | |
Identify and resolve common issues and errors in security testing, including problems related to integration and automation. | Discover and remediate issues in an STO scan |
Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. | Discover and remediate issues in an STO scan |
10. Performance Optimization | |
Optimize security testing processes for efficiency and speed within the CI/CD pipeline. | STO Troubleshooting Guide |
Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. | STO ingestion workflows |
Exam Details
The Security Testing Orchestration (STO) Developer exam tests your knowledge and skills of the Harness Security Testing Orchestration module.
Prerequisites
- Basic terminal skills
- Basic understanding of on-premise or cloud architecture
Exam Details
Exam Type | Duration |
---|---|
Knowledge Exam | 90 minutes |
Covered Domain | Coverage |
---|---|
Introduction to Harness Security Testing Orchestration | 10% |
Setting up the Environment | 10% |
Creating Test Plans | 10% |
Test Automation | 15% |
Test Execution and Reporting | 15% |
Integration and Extensibility | 10% |
Security Best Practices | 10% |
Compliance and Regulations | 5% |
Troubleshooting and Debugging | 10% |
Performance Optimization | 5% |
Exam Objectives
List of Objectives
The following is a detailed list of exam objectives:
# | Objective |
---|---|
1 | Introduction to Harness Security Testing Orchestration |
1.1 | Explain the importance of security testing in modern software development. |
1.2 | Describe the common issues in current security testing practices, including manual and standalone scanning, slow identification of vulnerabilities, siloed visibility, and inconsistent governance. |
2 | Setting up the Environment |
2.1 | Install and configure Harness Security Testing Orchestration on a local development environment. |
2.2 | Connect Harness Security Testing Orchestration to version control systems (e.g., Git) and CI/CD pipelines, emphasizing the integration aspect to address manual and standalone scanning. |
3 | Creating Test Plans |
3.1 | Create a basic security test plan using Harness Security Testing Orchestration. |
3.2 | Define test scenarios, including target applications, endpoints, and test inputs, with a focus on automation to eliminate delays. |
4 | Test Automation |
4.1 | Implement basic security tests, such as OWASP Top Ten vulnerabilities scanning, and automate them within CI/CD pipelines to address the issue of delayed identification of vulnerabilities. |
4.2 | Integrate third-party security testing tools into Harness Security Testing Orchestration to expand automated scanning capabilities. |
5 | Test Execution and Reporting |
5.1 | Execute security tests within a CI/CD pipeline as gate checks, ensuring that vulnerabilities are identified before release. |
5.2 | Analyze and interpret security test results and generate reports, promoting visibility into vulnerabilities throughout the development process. |
6 | Integration and Extensibility |
6.1 | Customize security testing workflows in Harness Security Testing Orchestration to align with specific release processes, addressing inconsistent governance. |
6.2 | Integrate additional security testing tools or plugins seamlessly to consolidate scanning efforts. |
7 | Security Best Practices |
7.1 | Apply security best practices to code and infrastructure within the CI/CD pipeline, ensuring that scans are integrated into the release process. |
7.2 | Implement security testing as an integral part of the software development lifecycle, avoiding siloed visibility. |
8 | Compliance and Regulations |
8.1 | Understand and adhere to relevant compliance standards (e.g., GDPR, HIPAA) in security testing. |
8.2 | Ensure that security testing processes align with regulatory requirements, emphasizing the importance of integration and governance. |
9 | Troubleshooting and Debugging |
9.1 | Identify and resolve common issues and errors in security testing, including problems related to integration and automation. |
9.2 | Debug integration problems between Harness Security Testing Orchestration and other tools to maintain a smooth CI/CD pipeline. |
10 | Performance Optimization |
10.1 | Optimize security testing processes for efficiency and speed within the CI/CD pipeline. |
10.2 | Implement caching and parallelization strategies for security tests to address the issue of speed and delays in vulnerability identification. |
Next Steps
The Security Testing Orchestration Developer exam can start immediately after registering. Please allow up to 90 minutes to complete the knowledge exam.
- Create an account in Harness University
- Review the Study Guide above.
- Register for an exam.
- Take the exam.
Security Testing Orchestration - Administrator
Review Study Guide
Assesses the fundamental skills to deploy and maintain STO Engineering projects and the overall Harness Platform. This exam builds upon the STO Developer Certification.
Topic | Material |
---|---|
1. Harness Security Testing Overview | |
Understand the core principles and concepts of Harness Security Testing Orchestration. | Harness Security Testing Orchestration (STO) Overview |
Explain the importance of security testing in the software development lifecycle. | Harness Security Testing Orchestration (STO) Overview |
Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness. | What's supported in Harness STO |
2. Setting Up Harness Security Testing Environment | |
Install and configure Harness Security Testing Orchestration in a lab or testing environment. | Onboarding Guide for STO |
Integrate Harness with popular security testing tools and platforms. | Orchestrate scans and ingest data |
Create and manage user accounts and permissions for Harness Security Testing. | Managing Users and Groups (RBAC) |
3. Creating Security Testing Pipelines | |
Define security testing workflows within Harness, including pre-test and post-test actions. | Orchestrate scans and ingest data |
Configure pipeline triggers and conditions for automated security testing. | Trigger automated scans using GitLab merge requests |
Establish notification and alerting mechanisms for test results. | Generate automated emails for detected issues in STO |
4. Managing Test Artifacts | |
Upload and manage security test artifacts, including source code, binaries, and test data. | Orchestrate scans and ingest data |
Implement version control and artifact tagging strategies within Harness. | CD artifact sources |
Optimize storage and resource utilization for test artifacts. | Optimize STO pipelines |
5. Automated Security Test Execution | |
Execute automated security tests using various testing tools and frameworks through Harness. | Orchestrate scans and ingest data |
Schedule and orchestrate recurring security test runs. | Run an Orchestrated scan in an STO Pipeline |
Monitor and analyze test execution results and log data. | Navigate and drill down into detected issues in the Security Testing Dashboard |
6. Security Test Reporting and Analysis | |
Generate comprehensive security test reports and dashboards. | Navigate and drill down into detected issues in the Security Testing Dashboard |
Analyze test results to identify vulnerabilities and security issues. | View issues in target baselines over time in the Security Testing Overview |
Provide recommendations for remediation based on test findings. | Fix security issues using AI-enhanced remediation steps in STO |
7. Integration with CI/CD | |
Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines. | Create a base pipeline for STO |
Ensure seamless automation and feedback loops between development and security teams. | Use looping strategies |
Implement version control and artifact tagging strategies within Harness. | Tags Reference |
8. Security Testing Best Practices | |
Demonstrate an understanding of industry best practices in security testing. | Targets, baselines, and variants in STO |
Apply secure coding principles and techniques to reduce vulnerabilities. | Targets, baselines, and variants in STO |
Stay updated with the latest security threats and vulnerabilities relevant to software development. | Severity scores and levels in STO |
9. Security Compliance and Governance | |
Implement security compliance policies and standards within Harness Security Testing. | Severity scores and levels in STO |
Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes. | Use governance policies and security scan results to stop STO pipelines automatically |
Perform security risk assessments and provide recommendations for risk mitigation. | Discover and remediate issues in Security Tests |
Exam Details
The Security Testing Orchestration Administrator exam tests your knowledge and skills of the Harness Security Testing Orchestration module.
Prerequisites
- Intermediate terminal skills
- Basic understanding of on-premise or cloud architecture
- This exam builds upon the Security Testing Orchestration Developer Exam
Exam Details
Exam Type | Duration |
---|---|
Knowledge Exam | 90 minutes |
Hands On Exam | 120 minutes |
Covered Domain | % of Coverage |
---|---|
1. Harness Security Testing Overview | 16% |
2. Setting Up Harness Security Testing Environment | 15% |
3. Creating Security Testing Pipelines | 14% |
4. Managing Test Artifacts | 11% |
5. Automated Security Test Execution | 13% |
6. Security Test Reporting and Analysis | 10% |
7. Integration with CI/CD | 9% |
8. Security Testing Best Practices | 6% |
9. Security Compliance and Governance | 6% |
Exam Objectives
List of Objectives
The following is a detailed list of exam objectives:
# | Objective |
---|---|
1 | Harness Security Testing Overview |
1.1 | Understand the core principles and concepts of Harness Security Testing Orchestration. |
1.2 | Explain the importance of security testing in the software development lifecycle. |
1.3 | Differentiate between various types of security testing (e.g., static analysis, dynamic analysis, penetration testing) and their relevance in Harness. |
2 | Setting Up Harness Security Testing Environment |
2.1 | Install and configure Harness Security Testing Orchestration in a lab or testing environment. |
2.2 | Integrate Harness with popular security testing tools and platforms. |
2.3 | Create and manage user accounts and permissions for Harness Security Testing. |
3 | Creating Security Testing Pipelines |
3.1 | Define security testing workflows within Harness, including pre-test and post-test actions. |
3.2 | Configure pipeline triggers and conditions for automated security testing. |
3.3 | Establish notification and alerting mechanisms for test results. |
4 | Managing Test Artifacts |
4.1 | Upload and manage security test artifacts, including source code, binaries, and test data. |
4.2 | Implement version control and artifact tagging strategies within Harness. |
4.3 | Optimize storage and resource utilization for test artifacts. |
5 | Automated Security Test Execution |
5.1 | Execute automated security tests using various testing tools and frameworks through Harness. |
5.2 | Schedule and orchestrate recurring security test runs. |
5.3 | Monitor and analyze test execution results and log data. |
6 | Security Test Reporting and Analysis |
6.1 | Generate comprehensive security test reports and dashboards. |
6.2 | Analyze test results to identify vulnerabilities and security issues. |
6.3 | Provide recommendations for remediation based on test findings. |
7 | Integration with CI/CD |
7.1 | Integrate Harness Security Testing into continuous integration and continuous deployment (CI/CD) pipelines. |
7.2 | Ensure seamless automation and feedback loops between development and security teams. |
7.3 | Implement version control and artifact tagging strategies within Harness. |
8 | Security Testing Best Practices |
8.1 | Demonstrate an understanding of industry best practices in security testing. |
8.2 | Apply secure coding principles and techniques to reduce vulnerabilities. |
8.3 | Stay updated with the latest security threats and vulnerabilities relevant to software development. |
9 | Security Compliance and Governance |
9.1 | Implement security compliance policies and standards within Harness Security Testing. |
9.2 | Ensure regulatory and industry-specific compliance (e.g., GDPR, HIPAA) in security testing processes. |
9.3 | Perform security risk assessments and provide recommendations for risk mitigation. |
Next Steps
The Security Testing Orchestration Administrator exam can start immediately after registering. Please allow 90 minutes for the knowledge exam and approximately 120 minutes for the hands-on exam.
- Create an account in Harness University
- Register for an exam. There is a $50 fee for the exam.
- Review the instructions for the Hands On Exam
- Take the exams.
  - There will be a knowledge portion and a hands-on portion.
Security Testing Orchestration - Architect (BETA COMING SOON)
Coming Soon...
Assess key technical job functions and advanced skills in design, implementation and management of STO.