Certified Advanced Software Security Tester (CASST)

Certification Overview

Exam Code: CASST-001

The Security Tester qualification is aimed at people who have already reached an advanced point in their software testing careers and wish to further develop their expertise in security testing. The modules offered at the Advanced Level cover a wide range of testing topics.

Application security testing is an approach to validate security requirements and uncover vulnerabilities in an application (web / mobile / thick client / web services) and its associated components, by performing static and dynamic security testing. Security testing is becoming a crucial validation activity. It cuts across the lines of business (LOB), enterprise testing, and shared services. Thus, chief information security officers (CISOs) and several information security groups are looking to add security testing as a new service line.

The Certification is helpful in demonstrating the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understanding how evidence of the attack could be deleted.


Before a candidate can pursue the Certified Advanced Software Security Tester (CASST), he or she must hold the Certified Software Security Tester (CSST) or an equivalent certification. The purpose is to make sure the candidate already has a good understanding of the test process, the test design techniques and test planning.

E-Course Duration: 20 to 25 Hours

Exam Information

The exam comprises 40 multiple-choice questions, of which the candidate needs to score 70% (28 out of 40 correct) to pass the exam.

Exams are online and proctored. Using a webcam and a reliable internet connection, exams can be taken anywhere and at any time.

The total duration of the exam is 1 hour (60 Minutes).

No external sources of information may be accessed during the exam via ProctorU. Further details of the materials permitted are provided:

  • Identification Proof
  • If a candidate does not pass the exam on the second (2nd) attempt, the candidate must wait for a period of at least fourteen (14) calendar days from the date of their attempt to retake the exam for a third (3rd) time or any subsequent time.
  • The exam can be taken any number of times

Certified Advanced Software Security Tester (CASST)™ Certificate is valid for life.

CASST™ is a Trademark of GAQM.


Note: The Certified Advanced Software Security Tester (CASST)™ Certification has a prerequisite (completion of an E-Course from the GAQMBok portal is mandatory), as the maximum number of questions in the actual exam are drawn from the E-Course.

Course Outline

Module Information - 1

  • Module 1 - Improving the Security Testing Practices
  • Module 2 - Security Test Process Definition
  • Module 3 - Lifecycle Alignment and Security Testing Tasks
  • Module 4 - Security Test Planning
  • Module 5 - Security Test Design
  • Module 6 - Implementing Policy-Based Security Tests
  • Module 7 - Security Test Execution
  • Module 8 - Security Test Evaluation
  • Module 9 - Security Test Maintenance
  • Module 10 - Role of Security Testing in a Lifecycle
  • Module 11 - The Role of Security Testing in Design
  • Module 12 - The Role of Security Testing in Implementation Activities
  • Module 13 - Component Test Analysis & Design

Module Information - 2

  • Module 14 - Analyzing Component Test Results
  • Module 15 - Component Integration Test Analysis & Design
  • Module 16 - The Role of Security Testing in System and Acceptance Test Activities
  • Module 17 - Definition of Security-Oriented Acceptance Criteria
  • Module 18 - The Role of Security Testing in Maintenance
  • Module 19 - Testing the Effectiveness of System Hardening
  • Module 20 - Authentication and Authorization
  • Module 21 - Firewalls and Network Zones
  • Module 22 - Encryption, Intrusion Detection, Malware Scanning and Data Obfuscation
  • Module 23 - Training
  • Module 24 - Security Awareness
  • Module 25 - Attack Motivations
  • Module 26 - Social Engineering and Security Awareness

Module Information - 3

  • Module 27 - Revising Security Expectations
  • Module 28 - Security Test Reporting
  • Module 29 - Reporting Security Test Status
  • Module 30 - Reporting Security Test Results
  • Module 31 - Types and Purposes of Security Test Tools
  • Module 32 - Tool Selection
  • Module 33 - Open Source Tools
  • Module 34 - Benefits of Standards
  • Module 35 - Applying Security Standards

Target Audience

  • Professionals who want to upgrade their knowledge on Advanced Software Security Testing,
  • Software Testers who want to expand their knowledge of security testing,
  • Security testers who wish to obtain an advanced certification to solidify their knowledge,
  • Security administrators who want to learn more about how to test the security defenses in their organization, and
  • Anyone who wants to learn more about security testing at an Advanced Level.

Registration Process for E-Course and Exam

Premium Package
(E-Course Version)

  • Self Explanatory
  • Valid for 40 days
  • The Package also includes E-Voucher/Access Key for Certification Exam
  • The E-Voucher/Access Key can be used via ProctorU Globally.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 270 USD


  • Validity: 240 Days
  • Price: 210 USD
  • Please Read Carefully:

    1) Please Purchase the First Voucher from our E-Voucher Store to Schedule the exam via ProctorU.

    2) One Voucher can be used by one person, one time, for one exam discount/fee only.
