The ISTQB® Certified Tester - Security Test Engineer certification focuses on ensuring that software implementations effectively safeguard data and maintain their intended functionality.
The primary objectives of security testing include:
- Evaluating the Effectiveness of Security Controls: Assessing existing security measures to ensure they perform as intended.
- Identifying Vulnerabilities and Weaknesses: Detecting flaws that could be exploited by attackers.
- Establishing a Comprehensive Security Test Strategy: Developing a strategy that includes confirmation tests to monitor the effectiveness of software patches and long-term system upgrades.
This certification equips professionals with the knowledge and skills necessary to ensure robust security testing practices and address evolving security challenges.
The ISTQB® CT-STE syllabus addresses the key aspects of security testing across nine chapters:
Chapter 1: Security Paradigms
- Understand different security levels of assets and their corresponding protection level.
- Describe the role of security testing in the context of security audits.
- Understand the concept of Zero Trust.
- Exemplify the concept of Open-Source Software (OSS) reuse in software development and its impacts on security testing.
Chapter 2: Security Test Techniques
- Applying Security test types according to a test context.
- Applying Security test types according to a project and technical context
Chapter 3: The Security Test Process
- Understanding the Security Test Process.
- How to Design security tests
Chapter 4: Standards and Best Practices
- Explain different sources of test standards and best practices and their applicability.
- Apply the concepts of OWASP, CVE, and CVSS and learn how to leverage them for security testing.
- Explain Pros and Cons of test oracles used for security testing.
- Understanding Pros and Cons of using security best practices and standards.
Chapter 5: Adjusting to the Organizational Context
- The Impact of Organizational Structures in the Context of Security Test.
- The Impact of regulations on security policies and how to test them.
- Analyze an Attack Scenario.
Chapter 6: Adjusting to Software Development Lifecycle Models
- The Effects of Different Software Development Lifecycle Models.
- Security Test during maintenance.
Chapter 7: Security Testing as Part of an Information Security Management System
- Acceptance Criteria for Security Testing.
- Input for an Information Security Management System (ISMS)
- Improving an ISMS by Adjusted Security Testing.
Chapter 8: Reporting Test Results
- Security Test Reporting.
- Identifying and Analyzing Vulnerabilities.
- Close Vulnerabilities.
Chapter 9: Tooling
- Categorization of Security Test Tools.
- Selecting Security Testing Tools.
How do I obtain the ISTQB® Certified Tester-Security Test Engineer certification?
To be certified, you must pass the ISTQB® Certified Tester-Security Test Engineer (CT-STE) certification exam.
You can prepare for the exam by attending an accredited training course for ISTQB® Certified Tester-Security Test Engineer; participants will have relevant content and topics from the syllabus clearly explained and taught to them. The training covers all essential topics outlined in the ISTQB® CT-STE syllabus, including:
- Security Paradigms
- Security Test Techniques
- The Security Test Process
- Standards and Best Practices
- Adjusting to the Organizational Context
- Adjusting to Software Development Lifecycle Models
- Security Testing as Part of an Information Security Management System
- Reporting Test Results
- Tooling
It is also possible to self-study. Before taking the exam, you can test your knowledge without obligation and free of charge with the CT-STE online mock exam.
What are the entry requirements?
To take the ISTQB® Certified Tester-Security Test Engineer exam, you must hold a valid Certified Tester Foundation Level certification (CTFL 4.0 or a previous version) and have sufficient practical experience.
How does the ISTQB® Certified Tester-Security Test Engineer certification benefit me?
With this certification:
- You will have an independent, internationally recognized certification as proof of expertise in security test engineering at a specialist level.
- You will gain a strong understanding of fundamental security paradigms and their influence on security testing.
- You will be able to use and apply appropriate security test techniques and know their strengths and limitations.
- You will be able to contribute to planning, designing, and executing security tests.
- You will gain a strong understanding of how security testing standards and security best practices can be utilized for security testing.
- You will be able to adjust and perform security testing activities according to the specific organizational context.
- You will be able to adjust and perform security testing activities according to specific development methods and software development lifecycles.
- You will be able to feed security testing results into an information security management system (ISMS) for active security risk management.
- You will be able to collect, evaluate, and aggregate test results, and write a detailed test report which includes all evidence and findings.
- You will be able to determine the required security testing approach, identify appropriate requirements for tooling, and assist in selecting security testing tools.
Who is this certification for?
The ISTQB® Certified Tester-Security Test Engineer certification is designed for professionals involved in software testing and quality assurance who want to deepen their expertise in security testing. This certification is ideal for individuals seeking to enhance their skills in identifying vulnerabilities, verifying security controls, and ensuring secure software development practices. This certification will be a great benefit for people working in roles such as:
- Software Test Engineers looking to specialize in security testing.
- Security Analysts who want to integrate testing methodologies into security practices.
- Developers interested in understanding security testing principles.
- QA Specialists aiming to ensure applications are secure and function as intended.
- Test Managers or Leads responsible for implementing security testing strategies.
- IT Security Professionals who collaborate with testing teams to address security vulnerabilities.
What other certifications can you recommend?
ISTQB® Specialist
- ISTQB® Certified Tester - Acceptance Testing (CT-AcT)
- ISTQB® Certified Tester - AI Testing (CT-AI)
- ISTQB® Certified Tester - Automotive Software Tester (CT-AuT)
- ISTQB® Certified Tester - Game Testing (CT-GaMe)
- ISTQB® Certified Tester - Gambling Industry Tester (CT-GT)
- ISTQB® Certified Tester - Mobile Application Testing (CT-MAT)
- ISTQB® Certified Tester - Model-Based Testing (CT-MBT)
- ISTQB® Certified Tester - Performance Testing (CT-PT)
- ISTQB® Certified Tester - Security Tester (CT-SEC)
- ISTQB® Certified Tester - Test Automation Strategy (CT-TAS)
- ISTQB® Certified Tester - Usability Testing (CT-UT)
- ISTQB® Certified Tester Agile Test Leadership at Scale (CT-ATLaS)
ISTQB® Agile
- ISTQB® Certified Tester Foundation Level – Agile Tester (CTFL-AT)
- ISTQB® Certified Tester Advanced Level - Agile Technical Tester (CTAL-ATT)
ISTQB® Advanced Level
- ISTQB® Certified Tester Advanced Level - Test Analyst (CTAL-TA)
- ISTQB® Certified Tester Advanced Level - Test Manager v3.0 (CTAL-TM)
- ISTQB® Certified Tester Advanced Level - Technical Test Analyst (CTAL-TTA)
- ISTQB® Certified Tester Advanced Level – Test Automation Engineering v2.0
ISTQB® Expert Level
- ISTQB® Certified Tester Expert Level - Assessing the Test Process (CTEL-ITP-ATP)
- ISTQB® Certified Tester Expert Level - Implementing Test Process Improvements (CTEL-ITP-ITPI)
- ISTQB® Certified Tester Expert Level Test Management Strategic Test Management (CTEL-TM-SM)
- ISTQB® Certified Tester Expert Level Test Management Operational Test Management (CTEL-TM-OTM)
- ISTQB® Certified Tester Expert Level Test Management Managing the Test Team (CTEL-TM-MTT)
Data sheet
- Certification scheme: ISTQB® - International Software Testing Qualifications Board
- Number of questions: 40
- Minimum Score: 65.00 %
- Examination Time: 75 min
- Requirements: You must hold a valid Certified Tester Foundation Level certification (CTFL 4.0 or a previous version) and have sufficient practical experience.
- Product Type: Exam, in-person Training