ISTQB Certified Tester Security Test Engineer (CT-STE)
ISTQB Certified Tester Security Test Engineer (CT-STE)
ISTQB Certified Tester Security Test Engineer (CT-STE)
The ISTQB Certified Tester Security Test Engineer (CT-STE) is a globally recognized specialist certification that equips testing professionals with the knowledge, skills, and methodologies required to plan, design, and execute security testing activities across complex IT environments. The CT-STE certification addresses the full security testing lifecycle, from understanding security paradigms and risk exposure through to vulnerability reporting and tool selection. By obtaining this certification, professionals demonstrate their ability to contribute proactively to an organization's security posture, creating maximum transparency around effective security risk exposure and enabling the defense of systems
Who should take the exam?
The CT-STE certification is designed for any professional involved in testing the security of IT-based systems. It is particularly suited to the following roles:
- Software Testers and Test Analysts seeking to specialize in security testing
- Test Managers are responsible for overseeing security test activities
- Software Developers who wish to integrate security awareness into their development practice
- Project Managers and Business Analysts requiring a foundational understanding of security testing
- Quality Managers and Software Development Managers oversee quality and security programs
- IT Directors, Operations Team Members, and Management Consultants advising on security posture
Exam Prerequisites
Candidates are required to hold the ISTQB® Certified Tester Foundation Level (CTFL) certification prior to sitting the CT-STE examination. This prerequisite ensures that candidates possess a sound foundational understanding of software testing principles before specializing in the security domain.
Holders of the CT-STE certification may choose to progress further within the ISTQB® certification framework.
Knowledge Gained
- Understanding of core security paradigms and their influence on security testing
- Asset classification, security levels, Zero Trust principles, and OSS security risks
- How to plan, design, and execute security tests aligned to risk levels
- Evaluating the effectiveness of existing security controls
- Identifying and classifying vulnerabilities and weaknesses in IT systems
- Building a comprehensive security test strategy including confirmation and regression tests
- Adapting security testing to different organizational structures and regulatory environments
- Aligning security testing with SDLC models (Agile, DevOps, Waterfall, Maintenance)
- Applying international standards and best practices — ISO/IEC 27001, OWASP, and others
- Feeding security test results into an Information Security Management System (ISMS)
- Writing detailed security test reports with findings, evidence, and vulnerability tracking
- Selecting and applying the right security test tools for a given context
Course Outline
The ISTQB Certified Tester Security Test Engineer (CT-STE) Exam covers the following topics -
- Domain 1 - Understand Security Paradigm
- Domain 2 - Understand Security Test Techniques
- Domain 3 - Understand the Security Test Process
- Domain 4 - Understand Standards and Best Practices
- Domain 5 - Understand Adjusting to the Organizational Context
- Domain 6 - Understand Adjusting to Software Development Lifecycle Models
- Domain 7 - Understand Security Testing as Part of an Information Security Management System
- Domain 8 - Understand Reporting Test Results
- Domain 9 - Understand Security Test Tools
Exam Format and Information
Exam Name A4Q Selenium Tester Foundation | Exam Online Proctored |
| Exam Duration 75 minutes | Exam Format Multiple Choice |
| Exam type Foundation | Number of Questions 40 Questions |
| Eligibility/Prerequisite NIL | Total Available Points 43 Points |
| Exam Language English | Pass Score 28 points (Minimum required to pass) |