
Certified Tester Security Test Engineer (CT-STE)

The ISTQB® Certified Tester Security Test Engineer (CT-STE) certification focuses on how security testing should be done, presenting security methodologies, standards, techniques, processes, and tools. As cyberattacks grow in frequency and sophistication, a robust engineering-focused approach to testing security is more critical than ever. Without security testing aligned to an IT system’s specific risk levels, vulnerabilities may be exploited—potentially during production—with devastating consequences. The CT-STE certification aims to bridge this gap, ensuring professionals can proactively create maximum transparency about effective security risk exposure to secure systems against emerging threats.

Audience

The Certified Tester Security Test Engineer is aimed at anyone involved in testing IT-based systems for security. This includes people in roles such as testers, test analysts, test managers, and even software developers, as everyone in a team should care about security. This certification is also appropriate for anyone who wants a basic understanding of executing security testing activities, such as project managers, quality managers, software development managers, business analysts, operations team members, IT directors, and management consultants.

Content

ISTQB® Certified Tester – Security Test Engineer (CT-STE)
Security Paradigm
Asset Security Levels
Security Audits
The Concept of Zero Trust
Open-Source Software (OSS)
Security Test Techniques
Applying Security Test Types According to a Test Context
Applying Security Testing
The Security Test Process
The Security Test Process
Designing Security Tests
Standards and Best Practices
Introduction to Standards and Best Practices
Apply Important Standards and Best Practices for Security Testing
Leveraging Standards and Best Practices
Adjusting to the Organizational Context
The Impact of Organizational Structures in the Context of Security Testing
The Impact of Regulations on Security Policies and How to Test Them
Analyzing an Attack Scenario
Adjusting to Software Development Lifecycle Models
The Effects from Different Software Development Models on Security Testing
Security Testing During Operations and Maintenance
Security Testing as Part of an Information Security Management System
Acceptance Criteria for Security Testing
Input for an Information Security Management System (ISMS)
Improving an ISMS by Adjusted Security Testing
Reporting Test Results
Security Test Reporting
Identifying and Analyzing Vulnerabilities
Close Identified Vulnerabilities
Security Test Tools
Categorization of Security Test Tools
Applying Security Test Tools

Exam Structure

  • No. of Questions: 45
  • Total Points: 80
  • Passing Score: 52
  • Exam Length (mins): 120

Business Outcomes

Advanced Level testers who have passed the “Advanced Security Tester” module exam should be able to accomplish the following Business Objectives:

  • Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based.
  • Align security test activities with project lifecycle activities.
  • Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels.
  • Evaluate the existing security test suite and identify any additional security tests.
  • Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
  • For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
  • Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
  • Identify areas where additional or enhanced security testing may be needed.
  • Evaluate effectiveness of security mechanisms.
  • Help the organization build information security awareness.
  • Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
  • Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
  • Analyze and document security test needs to be addressed by one or more tools.
  • Analyze and select candidate security test tools for a given tool search based on specified needs.
  • Understand the benefits of using security testing standards and where to find them.

More Information

Training is available from Accredited Training Providers (classroom, virtual, and e-learning). We highly recommend attending accredited training as it ensures that an ISTQB® Member Board has assessed the materials for relevance and consistency against the syllabus. Self-study, using the syllabus and recommended reading material, is also an option when preparing for the exam. Holders of this certification may choose to proceed to other Core, Agile, or Specialist stream certifications.