Course Summary
The ISTQB Security Tester (CT-SEC) certification focuses on planning, performing, and evaluating security tests from multiple perspectives, including risk, requirements, vulnerability, and human factors. It also covers security testing tools and standards.
• Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based.
• Align security test activities with project lifecycle activities.
• Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels.
• Evaluate the existing security test suite and identify any additional security tests.
• Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
• For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
• Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
• Identify areas where additional or enhanced security testing may be needed.
• Evaluate the effectiveness of security mechanisms.
• Help the organization build information security awareness.
• Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understanding how evidence of the attack could be deleted.
• Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
• Analyze and document security test needs to be addressed by one or more tools.
• Analyze and select candidate security test tools for a given tool search based on specified needs.
• Understand the benefits of using security testing standards and where to find them.
Module 1: The Basis of Security Testing
Module 2: Security Testing Purposes, Goals and Strategies
Module 3: Security Testing Processes
Module 4: Security Testing Throughout the Software Lifecycle
Module 5: Testing Security Mechanisms
Module 6: Human Factors in Security Testing
Module 7: Security Test Evaluation and Reporting
Module 8: Security Testing Tools
Module 9: Standards and Industry Trends