Security Tester
- Audience
- Contents
- Business Outcomes
- Learning Objectives
- Syllabus
- Exam Structure
- Materials for Download
Audience
The Advanced Level Security Tester qualification is aimed at people who have already achieved an advanced point in their careers in software testing and wish to develop further their expertise in security testing. The modules offered at the Advanced Level cover a wide range of testing topics.
What are the entry criteria?
To receive Advanced Level certification in the module “Security Tester”, candidates must hold a valid Certified Tester Foundation Level certificate and have sufficient practical experience to be certified at Advanced Level, which should be not less than 3 (three) years of relevant academic, practical, or consulting experience. Refer to the relevant Exam Board to determine the specific practical experience criteria.
Contents
The following image demonstrates the contents of the Advanced Security Tester syllabus:
Business Outcomes
Advanced Level testers who have passed the “Advanced Test Automation Engineer” module exam should be able to accomplish the following Business Objectives:
- Plan, perform and evaluate security tests from a variety of perspectives.
- Evaluate an existing security test suite and identify any additional security tests needed.
- Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
- For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Identify areas where additional or enhanced security testing may be needed.
- Evaluate effectiveness of security mechanisms.
- Help the organization build information security awareness.
- Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
- Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Analyze and document security test needs to be addressed by one or more tools.
Learning Objectives
Certified Advanced Security Testers should be able to demonstrate their skills in the following areas:
- Plan, perform and evaluate security tests from a variety of perspectives.
- Evaluate an existing security test suite and identify any additional security tests needed.
- Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
- For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Identify areas where additional or enhanced security testing may be needed.
- Evaluate effectiveness of security mechanisms.
- Help the organization build information security awareness.
- Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
- Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Analyze and document security test needs to be addressed by one or more tools.
Syllabus
The Advanced Level Security Tester is based on the Advanced Level Security Tester ISTQB® Syllabus.
The International Software Testing Qualifications Board (ISTQB®) provides it to the national examination bodies for them to accredit the training providers and to derive examination questions in their local language.
Training providers will produce courseware and determine appropriate teaching methods for accreditation, and the syllabus will help candidates in their preparation for the examination.
The Advanced Level Security Tester Syllabus is available in Materials for download section.
Exam Structure
The Advanced Security Tester exam is comprised of 45 multiple choice questions, with a pass mark grade of 65% to be completed within 120 minutes. Participants that take the exam not in their spoken language, will receive additional 25% time, and will have 30 minutes more, or a total of 150 min.
| Module | Number of questions | Exam length (minutes) | Exam length +25% (minutes) |
|---|---|---|---|
| Advanced Level Security Tester | 45 | 120 | 150 |
Accredited training providers
Exams may be taken as part of a course delivered by an Accredited Training Provider or taken independently at an examination center or in a public exam.
The typical duration of the Advanced Security Tester Certification Training offered by an Accredited Training Provider is 3 days. Completion of an accredited training course is not a prerequisite for participating to the exam.
Please refer to the Web Sites of the ISTQB® Member Boards and ISTQB® Accredited Training Providers for exam and training availability.
Materials for Download
Syllabus Documents:
 |
Advanced Security Tester Syllabus - GA 2016 | Size 1.7 MB |
|
Exam Documents:
|
Advanced Security Sample Exam - Questions | Size 182.85 KB |
|
|
Advanced Security Sample Exam - Answers | Size 128.1 KB |
|
|
ISTQB Exam Structures and Rules |
|
|
ISTQB Exam Structure Tables |
|
General Files:
|
ISTQB CTAL-SEC- Overview - 2016 | Size 280.35 KB |
|