Certified Advanced Software Security Tester (CASST)

Certification Overview

Certified Advanced Software Security Tester (CASST)

Exam Code: CASST-001

Security Tester qualification is aimed at people who have already achieved an advanced point in their careers in software testing and wish to develop further their expertise in security testing. The modules offered at the Advanced Level cover a wide range of testing topics. 

Application security testing is an approach to validate security requirements and uncover vulnerabilities in an application (web / mobile / thick client / web services) and its associated components, by performing static and dynamic security testing. Security testing is becoming a crucial validation activity. It cuts across the lines of business (LOB), enterprise testing, and shared services. Thus, chief information security officers (CISOs) and several information security groups are looking to add security testing as a new service line.

The Certification is helpful in demonstrating the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.

Pre-requisites:

Before a candidate can pursue the Certified Advanced Software Security Tester (CASST), he or she must hold Certified Software Security Tester (CSST) or equivalent certification. The purpose is to make sure the candidate already have good understanding of the test process, the test design techniques and test planning.

E-Course Duration: 20 to 25 Hours

Exam Information

The exam comprises of 40 Multiple Choice Questions out of which the candidate needs to score 80% (32 out of 40 correct) to pass the exam.

The total duration of the exam is 1 hour (60 Minutes).

  • The exam is conducted in a non-proctored mode and can be taken anytime and anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.

  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

Certified Advanced Software Security Tester (CASST)™ Certificate is valid for life.

CASST™ is a Trademark of GAQM.

Note: The Certified Advanced Software Security Tester (CASST)™ Certification has a pre-requisite (Completion of an E-Course is mandatory from GAQMBok portal) as maximum number of questions are drawn from the E-Course in the actual exam.

Course Outline

Module Information - 1

  • Module 1 - Improving the Security Testing Practices
  • Module 2 - Security Test Process Definition
  • Module 3 - Lifecycle Alignment and Security Testing Tasks
  • Module 4 - Security Test Planning
  • Module 5 - Security Test Design
  • Module 6 - Implementing Policy-Based Security Tests
  • Module 7- Security Test Execution
  • Module 8 - Security Test Evaluation
  • Module 9 - Security Test Maintenance
  • Module 10 - Role of Security Testing in a Lifecycle
  • Module 11 - The Role of Security Testing in Design
  • Module 12 - The Role of Security Testing in Implementation Activities
  • Module 13 - Component Test Analysis & Design

Module Information - 2

  • Module 14 - Analyzing Component Test Results
  • Module 15 - Component Integration Test Analysis & Design
  • Module 16 - The Role of Security Testing in System and Acceptance Test Activities
  • Module 17 - Definition of Security-Oriented Acceptance Criteria
  • Module 18 - The Role of Security Testing in Maintenance
  • Module 19 - Testing the Effectiveness of System Hardening
  • Module 20 - Authentication and Authorization
  • Module 21 - Firewalls and Network Zones
  • Module 22 - Encryption, Intrusion Detection, Malware Scanning and Data Obfuscation
  • Module 23 - Training
  • Module 24 - Security Awareness
  • Module 25 - Attack Motivations
  • Module 26 - Social Engineering and Security Awareness


Module Information - 3

  • Module 27 - Revising Security Expectations
  • Module 28 - Security Test Reporting
  • Module 29 - Reporting Security Test Status
  • Module 30 - Reporting Security Test Results
  • Module 31 - Types and Purposes of Security Test Tools
  • Module 32 - Tool Selection
  • Module 33 - Open Source Tools
  • Module 34 - Benefits of Standards
  • Module 35 - Applying Security Standards


Target Audience

  • Professionals who want to upgrade their knowledge on Advanced Software Security Testing,
  • Software Testers who want to expand their knowledge of security testing,
  • Security testers who wish to obtain an advanced certification to solidify their knowledge,
  • Security administrators who want to learn more about how to test the security defenses in their organization, and
  • Anyone who wants to learn more about security testing at an Advanced Level.

Registration Process for E-Course or E-Book and Exam

Premium Package
(E-Course Version)

  • Self Explanatory
  • Valid for 40 days
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 270 USD

Exam
Voucher

  • Validity: 240 Days
  • Price: 220 USD
  • Please Read Carefully:

    1) The Exam Voucher is valid for two (2) attempts.

    2) You will receive your voucher code within 24 business hours.

    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.