ISTQB STE Logo

Certified Tester Security Test
Engineer (CT-STE)

Overview

The ISTQB® Certified Tester Security Test Engineer (CT-SEC) certification focuses on how security testing should be done, presenting security methodologies, standards, techniques, processes, and tools. As cyberattacks grow in frequency and sophistication, a robust engineering-focused approach to testing security is more critical than ever. Without security testing aligned to an IT system’s specific risk levels, vulnerabilities may be exploited—potentially during production—with devastating consequences. The CT-STE certification aims to bridge this gap, ensuring professionals can proactively create maximum transparency about effective security risk exposure to secure systems against emerging threats.

Find exam provider
Find training provider

Audience

The Certified Tester Security Test Engineer is aimed at anyone involved in testing IT-based systems for security. This includes people in roles such as testers, test analysts, test managers, and even software developers, as everyone in a team should care about security. This certification is also appropriate for anyone who wants a basic understanding of executing security testing activities, such as project managers, quality managers, software development managers, business analysts, operations team members, IT directors, and management consultants.

Content

ISTQB® Certified Tester – Security Test Engineer (CT-STE)

Security paradigm

Asset Security Levels

Security Audits

The Concept of Zero Trust

Open-Source Software (OSS)

Security Test Techniques

Applying Security Test Types According to a Test Context

Applying Security Testing

The Security Test
Process

The Security Test Process

Designing Security Tests

Standards and Best Practices

Introduction to Standards and Best Practices

Apply Important Standards and Best Practices for Security Testing

Leveraging Standards and Best Practices

Adjusting to the Organizational
Context

The Impact of Organizational Structures in the Context of Security Testing

The Impact of Regulations on Security Policies and How to Test Them

Analyzing an Attack Scenario

Adjusting to Software Development Lifecycle Models

The Effects from Different Software Development Models on Security Testing

Security Testing During Operations and Maintenance

Security Testing as Part of an Information Security Management System

Acceptance Criteria for Security Testing

Input for an Information Security Management System (ISMS)

Improving an ISMS by Adjusted Security Testing

Reporting Test Results

Security Test Reporting

Identifying and Analyzing Vulnerabilities

Close Identified Vulnerabilities

Security Test Tools

Categorization of Security Test Tools

Applying Security
Test Tools

Exam Structure

  • No. of Questions: 40
  • Passing Score: 28
  • Total Points: 43
  • Exam Length (mins): 75 (+25% Non-Native Language)

Business Outcomes

A candidate who has achieved the Certified Tester Security Test Engineer certification should be able to:

  • Understand the fundamental security paradigms, and their impact on security testing
  • Use and apply appropriate Security Test techniques and know their strengths and limitations
  • Contribute to planning, designing, and executing Security Test
  • Understand how Security Test standards and security best practices can be utilized for Security Test
  • Adjust and perform Security Test activities accordingly to specific organization context
  • Adjust and perform Security Test activities accordingly to specific development methods and software development lifecycles
  • Feed Security Test results into an information security management system (ISMS) for an active security risk management
  • Collect, evaluate, and aggregate test results, write a detailed test report with all evidence and findings
  • Based on a needed Security Test approach identify proper requirements for tooling and assist in the selection of Security Test tools

More Information

Training is available from Accredited Training Providers (classroom, virtual, and e-learning). We highly recommend attending accredited training as it ensures that an ISTQB® Member Board has assessed the materials for relevance and consistency against the syllabus.

Self-study, using the syllabus and recommended reading material, is also an option when preparing for the exam.

Holders of this certification may choose to proceed to other Core, Agile, or Specialist stream certifications.

Download Materials

Syllabus

006 pdf

ISTQB CT-STE Syllabus v1.0.1

369 Downloads

Sample Exams

006 pdf

ISTQB CT-STE Sample Exam Questions v1.0.1

141 Downloads
006 pdf

ISTQB CT-STE Sample Exam Answers v1.0.1

90 Downloads

Exam Structures and Rules

006 pdf

Exam Structures and Rules v1.1

178898 Downloads
006 pdf

ISTQB Exam Structure Tables v1.10

135802 Downloads