Certification Details

Certified Advanced Software Security Tester (CASST)


Overview

The Certified Advanced Software Security Tester (CASST)™ is an elite credential designed for specialists tasked with securing highly complex software ecosystems and critical infrastructure. Moving beyond foundational concepts, this certification focuses on sophisticated testing practices and advanced threat analysis to uncover deep-seated vulnerabilities that standard testing often misses. By emphasizing the integration of security at every stage of the software development lifecycle, the CASST ensures that applications are architected, tested, and deployed with a proactive defense posture capable of withstanding the most sophisticated of modern cyber threats.

The program offers an exhaustive curriculum covering advanced techniques such as deep-dive penetration testing, threat modeling, and secure architecture assessments, with a specific focus on API and microservices security. Candidates gain specialized expertise in evaluating security within modern, high-velocity environments, including cloud-native, containerized, and DevSecOps-driven ecosystems. By bridging the gap between technical execution and organizational objectives, the certification also addresses critical compliance mandates, risk management, and incident response, empowering professionals to lead comprehensive security initiatives that align with the broader strategic goals of the enterprise.

Pre-requisites:

Before a candidate can pursue the Certified Advanced Software Security Tester (CASST), he or she must hold the Certified Software Security Tester (CSST) or an equivalent certification. The purpose is to make sure the candidate already has a good understanding of the test process, test design techniques and test planning.

E-Course Duration: 20 to 25 Hours

Exam Information

The exam comprises 40 multiple-choice questions, of which the candidate needs to answer 70% correctly (28 out of 40) to pass.

The total duration of the exam is 1 hour (60 Minutes).

  • The exam is conducted in AI-proctored mode and can be taken anytime, anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.

  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

Certified Advanced Software Security Tester (CASST)™ Certificate is valid for life.

CASST™ is a Trademark of ITQMA.

Note: The Certified Advanced Software Security Tester (CASST)™ Certification has a pre-requisite: completion of an E-Course from ITQMA is mandatory, as the maximum number of questions in the actual exam are drawn from the E-Course.

Pre-requisites: Candidate must achieve the Certified Software Security Tester (CSST) or equivalent certification.

Course Outline

Module Information - 1

  • Module 1 - Improving the Security Testing Practices
  • Module 2 - Security Test Process Definition
  • Module 3 - Lifecycle Alignment and Security Testing Tasks
  • Module 4 - Security Test Planning
  • Module 5 - Security Test Design
  • Module 6 - Implementing Policy-Based Security Tests
  • Module 7 - Security Test Execution
  • Module 8 - Security Test Evaluation
  • Module 9 - Security Test Maintenance
  • Module 10 - Role of Security Testing in a Lifecycle
  • Module 11 - The Role of Security Testing in Design
  • Module 12 - The Role of Security Testing in Implementation Activities
  • Module 13 - Component Test Analysis & Design

Module Information - 2

  • Module 14 - Analyzing Component Test Results
  • Module 15 - Component Integration Test Analysis & Design
  • Module 16 - The Role of Security Testing in System and Acceptance Test Activities
  • Module 17 - Definition of Security-Oriented Acceptance Criteria
  • Module 18 - The Role of Security Testing in Maintenance
  • Module 19 - Testing the Effectiveness of System Hardening
  • Module 20 - Authentication and Authorization
  • Module 21 - Firewalls and Network Zones
  • Module 22 - Encryption, Intrusion Detection, Malware Scanning and Data Obfuscation
  • Module 23 - Training
  • Module 24 - Security Awareness
  • Module 25 - Attack Motivations
  • Module 26 - Social Engineering and Security Awareness

Module Information - 3

  • Module 27 - Revising Security Expectations
  • Module 28 - Security Test Reporting
  • Module 29 - Reporting Security Test Status
  • Module 30 - Reporting Security Test Results
  • Module 31 - Types and Purposes of Security Test Tools
  • Module 32 - Tool Selection
  • Module 33 - Open Source Tools
  • Module 34 - Benefits of Standards
  • Module 35 - Applying Security Standards

Target Audience

  • Professionals who want to upgrade their knowledge on Advanced Software Security Testing,
  • Software Testers who want to expand their knowledge of security testing,
  • Security testers who wish to obtain an advanced certification to solidify their knowledge,
  • Security administrators who want to learn more about how to test the security defenses in their organization, and
  • Anyone who wants to learn more about security testing at an Advanced Level.

Registration Process for E-Course or E-Book and Exam

Premium Package
(E-Course Version)
  • Self Explanatory
  • Valid for 40 days
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 270 USD
Standard Package
  • Self Explanatory
  • E-Course is Valid for 20 days
  • This package doesn't include an E-Voucher for the Certification Exam.
  • The candidate has to purchase the E-Voucher separately to take the Certification Exam.
  • Course Duration: 20 Days
  • Price: 85 USD
Exam Voucher
  • Validity: 240 Days
  • Price: 220 USD
  • Please Read Carefully:
    1) The Exam Voucher is valid for two (2) attempts.
    2) You will receive your voucher code within 24 business hours.
    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.