To earn the ISTQB Certified Tester Security Test Engineer designation, candidates must pass the CT-STE exam with at least the minimum passing score. If you want to pass the ISTQB Security Test Engineer certification exam with a comfortable margin, the following reference outlines what your ISTQB CT-STE exam preparation should cover.
The ISTQB CT-STE Exam Summary, Body of Knowledge (BOK), Sample Question Bank and Practice Exam mirror the structure of the real ISTQB Certified Tester - Security Test Engineer (CT-STE) exam. These resources are designed to help you get ready to take the ISTQB Certified Tester Security Test Engineer (CT-STE) exam. If you have decided to become a certified professional, we suggest you take authorized training and prepare with our online premium ISTQB Security Test Engineer Practice Exam to achieve the best result.
ISTQB CT-STE Exam Summary:
Field | Detail |
---|---|
Exam Name | ISTQB Certified Tester Security Test Engineer |
Exam Code | CT-STE |
Exam Fee | USD 249 |
Exam Duration | 75 minutes |
Number of Questions | 40 |
Passing Score | 28 out of 43 (65%) |
Format | Multiple choice questions |
Schedule Exam | Pearson VUE |
Sample Questions | ISTQB CT-STE Exam Sample Questions and Answers |
Practice Exam | ISTQB Certified Tester - Security Test Engineer (CT-STE) Practice Test |
ISTQB Security Test Engineer Syllabus Topics:
Topic | Details |
---|---|
Security Paradigms – 135 minutes (K3) | |
Asset Security Levels | - Explain different security levels of assets and their corresponding protection level - Explain the relationship between information sensitivity and security testing |
Security Audits | - Describe the role of security testing in the context of security audits |
The Concept of Zero Trust | - Explain the concept of zero trust - Apply zero trust in security testing |
Open-Source Software | - Exemplify the concept of open-source software reuse in software development and its impact on security testing |
Security Test Techniques – 150 minutes (K3) | |
Applying Security Test Types According to a Test Context | - Give examples of security test types according to a black-box, white-box and grey-box security context - Give examples of security test types according to static or dynamic security testing |
Applying Security Test Types According to a Project and Technical Context | - Apply security test cases, based on a given security test approach, along with identified functional and structural security risks - Describe how to test reconciliation and recertification for identities and permissions - Describe how to test identity and access management controls - Describe how to test data protection controls - Describe how to test protective technologies |
The Security Test Process – 120 minutes (K3) | |
The Security Test Process | - Explain different activities, tasks and responsibilities within a security test process - Understand the key elements and characteristics of an effective security test environment |
Designing Security Tests for Test Levels | - Give examples of security tests at the component test level based on a given code base - Give examples of security tests at the component integration level based on a given design specification - Implement an end-to-end security test which validates one or more security requirements related to one or more business processes |
Security Testing Standards and Best Practices – 195 minutes (K3) | |
Introduction to Security Standards and Best Practices | - Explain different sources of standards and best practices and their applicability |
Apply Important Standards and Best Practices for Security Testing | - Apply the concepts of the Open Web Application Security Project (OWASP), Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), the Common Vulnerability Scoring System (CVSS) and the Common Weakness Scoring System (CWSS), and how to leverage them for security testing |
Leveraging Security Testing Standards and Best Practices | - Explain the advantages and disadvantages of test oracles used for security testing - Understand the advantages and disadvantages of using security standards and best practices |
Adjusting Security Testing to the Organizational Context – 195 minutes (K4) | |
The Impact of Organizational Structures in the Context of Security Test | - Analyze a given organizational context and determine which specific aspects to consider for security testing |
The Impact of Regulations on Security Policies and How to Test Them | - Analyze the impact of regulations on security policies and how to test them |
Analyze an Attack Scenario | - Analyze an attack scenario and identify possible sources and motivations of the attack |
Adjusting Security Testing to Software Development Lifecycle Models – 165 minutes (K4) | |
The Effects of Different Software Development Lifecycle Models on Security Testing | - Summarize why security testing activities should cover the whole software development lifecycle - Analyze how security testing activities are impacted by different software development lifecycle models |
Security Testing During Maintenance | - Define and perform security regression tests and confirmation tests based on a change to a system - Analyze security test results to determine the nature of a vulnerability and its potential technical impact |
Security Testing as Part of an Information Security Management System – 105 minutes (K3) | |
Acceptance Criteria for Security Testing | - Understand acceptance criteria for security testing and how they influence the selection of security testing approaches and test techniques |
Input for an Information Security Management System | - Understand the role of security testing in an effective information security management system (ISMS) |
Improving an Information Security Management System by Adjusting Security Testing | - Evaluate ISMS maturity by bringing in different test approaches, new test objects or improved coverage - Understand measurability within an ISMS |
Reporting Security Test Results – 135 minutes (K3) | |
Security Test Reporting | - Understand the criticality of security test results and how this affects their handling and communication |
Identifying and Analyzing Vulnerabilities | - Evaluate test results from a given security test to identify vulnerabilities |
Close Vulnerabilities | - Evaluate different techniques for closing identified vulnerabilities |
Security Testing Tools – 90 minutes (K3) | |
Categorization of Security Testing Tools | - Analyze different use cases and apply categorizations for security testing tools |
Selecting Security Testing Tools | - Understand the usage and concepts of dynamic security testing tools - Understand the usage and concepts of static security testing tools |
Both ISTQB and veterans who have earned multiple certifications maintain that the best preparation for an ISTQB CT-STE professional certification exam is practical experience, hands-on training and practice exams. This is the most effective way to gain an in-depth understanding of ISTQB CT-STE concepts. Understanding the techniques, rather than memorizing answers, helps you retain ISTQB Security Test Engineer knowledge and recall it when needed.