Certification Details

Certified Software Security Tester (CSST)


Overview

The Certified Software Security Tester (CSST)™ certification is designed to validate a professional’s expertise in identifying, analyzing, and mitigating critical vulnerabilities within modern software. It focuses on the seamless integration of security into the development lifecycle, ensuring applications are resilient against common threats like injection attacks, authentication flaws, and data leakage. By providing a robust foundation in secure testing methodologies and industry-recognized standards, the CSST ensures that security is treated as a core functional requirement rather than an afterthought.

The program covers a diverse array of technical disciplines, including static and dynamic application security testing (SAST/DAST), vulnerability assessments, and comprehensive risk analysis. Candidates gain the practical skills necessary to design rigorous security test cases and collaborate effectively with development teams to remediate vulnerabilities. Beyond technical execution, the certification emphasizes the strategic importance of compliance, governance, and fostering a culture of security awareness across the entire organization to protect digital assets.

A unique aspect of this certification is its focus on developing an attacker mentality, teaching professionals how to think and act like a malicious actor within a protected environment. You will learn how to discover sensitive information about a target, execute simulated attacks on test applications, and understand the methods used to erase evidence of a breach. Mastering these adversarial techniques allows testers to anticipate threats more effectively and implement defensive measures that are grounded in real-world exploit scenarios.

E-Course Duration: 15 to 20 Hours

Exam Information

The exam comprises 50 multiple-choice questions, of which the candidate needs to score 70% (35 out of 50 correct) to pass the exam.

The total duration of the exam is 1 hour (60 Minutes).

  • The exam is conducted in AI-proctored mode and can be taken anytime, anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.

  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

The Certified Software Security Tester (CSST) Certificate is valid for life.

CSST™ is a Trademark of ITQMA.

Note: The Certified Software Security Tester (CSST)™ Certification has a prerequisite: completion of the E-Course from ITQMA is mandatory, as the maximum number of questions in the actual exam are drawn from the E-Course.

Course Outline

Module Information - 1

  • Module 1 - Security Risks
  • Module 2 - Asset Identification
  • Module 3 - Assessing Risk Analysis Effectiveness
  • Module 4 - Information Security Policies and Procedures
  • Module 5 - Analysis of Information Security Policies and Procedures
  • Module 6 - Security Auditing and Its Role in Security Testing
  • Module 7 - Security Risk Assessment
  • Module 8 - Security Triad
  • Module 9 - Introduction to Security Testing

Module Information - 2

  • Module 10 - The Purpose of Security Testing
  • Module 11 - The Organizational Context
  • Module 12 - Security Testing Objectives
  • Module 13 - The Difference between Information Assurance and Security Testing
  • Module 14 - The Scope and Coverage of Security Testing Objectives
  • Module 15 - Analysis of Security Approaches
  • Module 16 - Analysis of Failures in Security Test Approaches
  • Module 17 - Stakeholder Identification
  • Module 18 - Improving the Security Testing Practice

Target Audience

  • Software who want to expand their knowledge of security testing,
  • Security testers who wish to obtain an advanced certification to solidify their knowledge,
  • Security administrators who want to learn more about how to test the security defenses in their organization, and
  • Anyone who wants to learn more about security testing

Registration Process for E-Course or E-Book and Exam

Premium Package
(E-Course Version)
  • Self Explanatory
  • Valid for 40 days
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 220 USD
Standard Package
  • Self Explanatory
  • E-Course is Valid for 20 days
  • This Package doesn't include E-Voucher for Certification Exam.
  • Candidate has to purchase the E-Voucher separately to take the Certification Exam.
  • Course Duration: 20 Days
  • Price: 85 USD
Exam Voucher
  • Validity: 240 Days
  • Price: 190 USD
  • Please Read Carefully:
    1) The Exam Voucher is valid for two (2) attempts.
    2) You will receive your voucher code within 24 business hours.
    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.