ISTQB Certified Tester Security Test Engineer (CT-STE)

Advanced security testing skills

This three-day course is designed for professionals involved in testing IT-based systems for security. It focuses on the execution of security testing activities, helping you understand the appropriate tools to use and how to report findings within different development contexts. You’ll also learn how to feed results into wider risk management processes, including an information security management system. This makes it particularly relevant if you want to build capability in security test execution and contribute more effectively to secure software delivery. 

Learning objectives
  • Understand the principles and terminology used in ISTQB security testing 
  • Apply security testing techniques including penetration testing and vulnerability scanning 
  • Analyse security risks using threat modelling and risk-based testing approaches 
  • Design security test plans aligned to organisational risk and compliance requirements 
  • Select and use appropriate security testing tools within software delivery environments 
  • Interpret and communicate security test results to stakeholders 
  • Apply relevant security standards including OWASP and ISO 29119 
  • Integrate security testing practices across the software development lifecycle 
  • Support continuous improvement of security testing within your organisation 

Key facts

Certification

ISTQB Certified Tester Security Test Engineer (CT-STE) 

Who it’s for

This course is suitable for software testers, test analysts, quality professionals and technical professionals involved in security testing activities. 

Prerequisites

Learners must hold ISTQB Foundation Level certification before taking this exam. 

Exam information

75-minute, 40-question exam with a 65% pass mark.  

Optional extras

Pass Protect.  

Pre-course

There is no pre-course work for this course.  

Course syllabus

The CT-STE syllabus covers the following topics, as defined by the official ISTQB curriculum. 

  • Security paradigms
    • Asset security levels
    • Security audits
    • Zero trust concepts
    • Open-source software
  • Security test techniques
    • Security test types
    • Applying security testing
    • Security test design
  • Security test process
    • Security test process activities
    • Designing security tests
    • Test execution considerations
  • Standards and best practices
    • Security testing standards
    • Applying best practices
    • Leveraging standards
  • Organisational context
    • Organisational structures
    • Security policies and regulations
    • Attack scenario analysis
  • Software development lifecycle
    • Development lifecycle models
    • Security testing in operations
    • Maintenance activities
  • Information security management
    • Information security management systems
    • Acceptance criteria
    • Improving security testing processes
  • Reporting and vulnerabilities
    • Security test reporting
    • Vulnerability analysis
    • Vulnerability management
  • Security test tools
    • Security testing tool categories
    • Applying security testing tools

FAQs

This course explores practical approaches to assessing software for security risks across the development lifecycle. You will develop knowledge of security testing techniques, processes, reporting practices and standards aligned to the official ISTQB certification, helping you identify vulnerabilities and improve risk visibility. 

Is this course suitable for experienced software testers?

Yes. The course is designed for professionals looking to build specialist knowledge in security testing. It is particularly relevant for experienced testers, test analysts and quality professionals working within complex or risk-heavy development environments. 

How does the CT-STE course prepare me for the certification exam?

The course is aligned to the official ISTQB syllabus and explores the key concepts assessed within the certification exam. You will build the knowledge needed to prepare for the assessment while developing practical security testing capabilities that can be applied immediately in your day-to-day role. 

Does the course cover web application security testing?

The course explores security testing approaches that can be applied across different software systems, including web applications. Topics include vulnerability analysis, attack scenarios, security risks and security-focused testing techniques. 

Is the CT-STE certification recognised internationally?

Yes. The ISTQB Certified Tester Security Test Engineer certification is part of the internationally recognised ISTQB certification scheme. It demonstrates specialist knowledge of security testing practices used by software delivery teams. 

What our customers say

"Course was well structured and had plenty of exercises (both group and individual). Although there were a few corrections that needed to be made on the materials themselves."

Dan Allen Delos Santos, Test Engineer, Everyone TV

"Great course! Bill was very approachable and informative. He made it interesting with real world examples and anecdotes. He made it clear what areas were examinable but kept a focus on the training being used for real testing, rather than just passing a test."

Chris Gibbons, Calculations Analyst, Phoenix (Standard Life)

Why study with TSG?

25+ years' experience

Trusted by individuals, businesses and public sector organisations for over 25 years.

20,000+ learners trained

Join a network of learners focused on developing their software testing skills.

98% customer satisfaction

TSG trainers are frequently rated as ‘good’ or ‘excellent’ by our learners.

Speak to our team

Guidance from experienced advisors

If you’re unsure which course aligns with your technical requirements or career direction, we’ll help you assess your options and choose with confidence.  

Build capability

Develop skills that support real delivery outcomes

From software testing to broader digital skills, we work with you to design learning that strengthens capability, improves performance, and supports long-term business goals.
