The ISTQB Certified Tester Security Tester (CT-SEC) course develops the skills needed to design and evaluate effective security testing across the software development lifecycle. The course covers risk-based security testing, vulnerability identification, human factors and security testing tools. By building practical security testing capability, you will be better equipped to identify security risks and strengthen system resilience.
ISTQB Certified Tester Security Tester (CT-SEC)
Master advanced security testing techniques
Designed for experienced testers and security professionals, the course develops advanced security testing capability. You’ll explore security testing strategies, risk-based testing approaches and vulnerability analysis across the software lifecycle. These skills enable you contribute to secure software development and support the delivery of more resilient systems.
Learning objectives
- Identify human factors creating security vulnerabilities
- Recognise risks from insider and external threats
- Evaluate the effectiveness of existing security controls
- Apply a broader, risk-based security testing approach
- Reduce over-reliance on technology in testing
- Integrate security earlier in the development lifecycle
- Explain the impact of limited organisational security awareness
Key facts
Certification
ISTQB Certified Tester Security Tester (CT-SEC).
Who it’s for
This course is designed for experienced software testers, QA professionals and security specialists who want to develop deeper expertise in security testing across modern development environments.
Prerequisites
Learners require the ISTQB Certified Tester Foundation Level qualification alongside a recommended three years’ practical testing experience.
Exam information
2 hours duration, 45 multiple-choice questions, with a 60% pass mark.
Optional extras
Pass Protect.
Pre-course
No pre-course work required.
Course syllabus
- Module 1 – The basis of security testing
- Security risks
- Information security policies and procedures
- Auditing and its role in security testing
- Module 2 - Security testing purposes, goals and strategies
- Introduction
- The purpose of security testing
- The organisational context
- Security testing objectives
- The scope and coverage of security testing objectives
- Security testing approaches
- Improving the security testing practices
- Module 3 – Security testing processes
- Security test process definition
- Security test planning
- Security test design
- Security test execution
- Security test evaluation
- Security test maintenance
- Module 4 – Security testing throughout the software lifecycle
- Role of security testing in a software lifecycle
- The role of security testing in requirements
- The role of security testing in design
- The role of security testing in implementation activities
- The role of security testing in system and acceptance test activities
- The role of security testing in maintenance
- Module 5 – Testing security mechanisms
- System hardening
- Authentication and authorisation
- Encryption
- Firewalls and network zones
- Intrusion detection
- Malware scanning
- Data obfuscation
- Module 6 – Human factors in security testing
- Understanding the attackers
- Social engineering
- Security awareness
- Module 7 – Security test evaluation and reporting
- Security test evaluation
- Security test reporting
- Module 8 – Security testing tools
- Security testing tool types and purposes
- Tool selection
- Module 9 – Standards and industry trends
- Understanding security testing standards
- Applying security standards
- Industry trends
FAQs
The ISTQB Certified Tester Security Tester course helps experienced testers develop advanced knowledge of security testing principles, tools and strategies. The course examines the effectiveness of your organisations existing controls and enables you to integrate security early in development, while developing a broader, risk-based approach to security testing.
What job roles is the ISTQB Security Tester certification suitable for?
The ISTQB Certified Tester Security Tester (CT-SEC) certification is designed for professionals involved in software testing and application security. It is particularly relevant for software testers, QA engineers, security testers, test analysts and test managers who need to evaluate security risks and vulnerabilities within systems.
What are the prerequisites for this ISTQB security tester course?
To take the ISTQB Certified Tester Security Tester (CT-SEC) exam, candidates are required to hold the ISTQB Foundation Level (CTFL) qualification. The course is designed for experienced testing professionals who already understand core software testing principles. Three years’ practical software testing experience is also required, as it helps you apply the testing approaches and threat analysis covered during the course.
How do I book the ISTQB Certified Tester Security Tester exam?
The exam for this course is taken at a Pearson VUE testing centre, with locations available worldwide. You will receive an online exam voucher prior to your course start date, which enables you to book your test at a convenient time and centre. Make sure you schedule and complete the exam before the voucher expiry date and bring valid photo ID on the day of your test.
What our customers say
Great and insightful course. It was a heavy amount of content was was presented well over the 4 days. Thanks for John for being a great trainer and bringing the examples to life.
Sheena Pem
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
The course was in-depth introduction across all the aspects of security testing. As such it was purposeful. I would appreciate more expert-level course almost solely focusing on discussions and exercises of real-life scenarios with intent of exchanging expert-level know-how.
Tomáš Martinec
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Informative, lots of information to go through though
Michelle Mabasa
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
good but would have preferde on site training
Eivind Berntsen
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
I've found this to be a very informative and eye-opening course - John was an excellent trainer and I was very fortunate to be the only participant in this course. Excellent referencing of the course materials and personal experience/references as well to put information into context.
Dave Harding
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Very informative and John did a great job of breaking down the content and ensuring that the group were following, engaged and 'ok' :)
Claire Penswick
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Very well put together & delivered.
Sandra Kasa
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
John delievered the content great. Easy to understand the course content with it being delivered in digestable chunks with context and explanations alongside real life examples instead of just from slides.
Trusted Customer
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Very informative, knowledgeable
Trusted Customer
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Informative with lots of useful information and examples derived from previous projects
Dukhbhanjan Jutla
Certified Tester Security Tester (CT-SEC)
Certified Tester Security Tester (CT-SEC)
Why study with TSG?
25+ years' experience
Trusted by individuals, businesses and public sector organisations for over 25 years.
20,000+ learners trained
Join a network of learners focused on developing their software testing skills
98% customer satisfaction
TSG trainers are frequently rated as ‘good’ or ‘excellent’ by our learners