The PECB Certified ISO/IEC 27034 Lead Auditor training course provides participants with the skills and knowledge to audit application security processes based on ISO/IEC 27034 series.
Participants will learn to assess how application security is governed, implemented, and maintained, focusing on key ISO/IEC 27034 concepts such as the Organizational Normative Framework (ONF), Application Normative Framework (ANF), and Application Security Controls (ASCs). The course draws on auditing principles from ISO 19011 and ISO/IEC 17021-1 to support a structured approach to auditing application security. These standards are used as guidance rather than for certification, as ISO/IEC 27034 itself is not a certifiable standard.
Through practical exercises and scenario-based activities, participants will build competence in conducting application security audits in various organizational contexts.
As application security threats grow increasingly complex, organizations must ensure that all applications, whether internally developed, outsourced, or commercially purchased, are properly secured throughout their lifecycle. ISO/IEC 27034 provides structured guidance for achieving this.
By attending this course, participants will gain the skills to plan, manage, and report on audit activities; evaluate an organization’s ONF, its processes, and components associated with application security, the application security management process (ASMP), and the application’s level of trust.
This training is ideal for professionals seeking to enhance their auditing capabilities, contribute to organizational compliance, and support the ongoing development of application security practices.
This training course is intended for:
By the end of this training course, participants will be able to:
This training course includes essay-type exercises, multiple-choice quizzes, examples and best practices used in application security.
Participants are strongly encouraged to interact with one another, exchange ideas, and actively participate in discussions.
The quiz structure within the course closely mirrors that of the certification exam, ensuring participants are well-prepared for the exam.
PECB offers various training course delivery formats, from traditional classroom settings to modern, technology-driven solutions. To learn more about these formats, please click here.
Participants who attend this course must be familiar with application security concepts and have in-depth knowledge of application security principles.
Download and personalize our request letter to ask your employer for funding.
