The Specialist Level Security Tester qualification is aimed at people who have already achieved an advanced point in their careers in software testing and wish to develop further their expertise in security testing. The modules offered at the Specialist Level cover a wide range of testing topics.
What are the entry criteria?
To get the Specialist Level certification, candidates must hold the Foundation Certificate and have sufficient practical experience.
Certified Specialist Security Testers should be able to demonstrate their skills in the following areas:
Plan, perform and evaluate security tests from a variety of perspectives.
Evaluate an existing security test suite and identify any additional security tests needed.
Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
Identify areas where additional or enhanced security testing may be needed.
Evaluate effectiveness of security mechanisms.
Help the organization build information security awareness.
Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.
Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
Analyze and document security test needs to be addressed by one or more tools.
Specialist Level Security Tester Contents
Security Risks
Information Security Policies and Procedures
Security Auditing and Its Role in Security Testing
The Purpose of Security Testing
The Organizational Context
Security Testing Objectives
The Scope and Coverage of Security Testing Objectives
Security Testing Approaches
Improving the Security Testing Practices
Security Test Process Definition
Security Test Planning
Security Test Design
Security Test Execution
Security Test Evaluation
Security Test Maintenance
The Role of Security Testing in a Software Lifecycle
The Role of Security Testing in Requirements
The Role of Security Testing in Design
The Role of Security Testing in Implementation Activities
The Role of Security Testing in System and Acceptance Test Activities
The Role of Security Testing in Maintenance
System Hardening
Authentication and Authorization
Encryption
Firewalls and Network Zones
Intrusion Detection
Malware Scanning
Data Obfuscation
Training
Understanding the Attackers
Social Engineering
Security Awareness
Security Test Evaluation
Security Test Reporting
Types and Purposes of Security Testing Tools
Tool Selection
Understanding Security Testing Standards
Applying Security
Industry Trends
Specialist Level Security Tester Exam Structure
The Specialist Level Security Tester certification exam is held in a digital form, as well as remotely(online) in English. The Specialist Security Tester exam is comprised of 45 multiple choice questions, with a pass mark grade of 65% to be completed within 120 minutes. Participants that take the exam not in their spoken language, will receive additional 25% time, and will have 30 minutes more, or a total of 150 min.