Certified Software Security Tester (CSST)

Certification Overview

Certified Software Security Tester (CSST)

Exam Code: CSST-001


CSST covers a wide range of security testing techniques, including static and dynamic application security testing, vulnerability assessment, penetration testing concepts, and risk analysis. Candidates learn how to design and execute security test cases, interpret security test results, and collaborate with development teams to remediate vulnerabilities effectively. The certification also emphasizes compliance, governance, and the importance of building security awareness across development and testing teams.

The Certified Software Security Tester (CSST) certification is designed to validate a professional’s knowledge and skills in identifying, analyzing, and mitigating security vulnerabilities within software applications. It focuses on integrating security testing into the software development lifecycle, ensuring that applications are resilient against threats such as injection attacks, authentication flaws, data leakage, and insecure configurations. The certification provides a strong foundation in application security principles, secure testing methodologies, and industry-recognized security standards.


The Certification is helpful in demonstrating the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understand how evidence of the attack could be deleted.

E-Course Duration: 15 to 20 Hours


Exam Information

The exam comprises of 50 Multiple Choice Questions out of which the candidate needs to score 70% (35 out of 50 correct) to pass the exam.

The total duration of the exam is 1 hour (60 Minutes).

  • The exam is conducted in AI-proctored mode and can be taken anytime, anywhere within an eight-month validity period.
  • Upon purchasing the Premium Package or an Exam Voucher Code, a voucher code with two attempts will be assigned to your login profile under the "My Vouchers" tab. You can then take the exam through the "My Exam(s)" tab in your profile. To take the exam, simply apply the voucher code.

  • The Exam Voucher included in the Premium Package or purchased separately is valid for two (2) attempts. If you are unable to pass the exam within these two attempts, you can purchase a new voucher code, which will grant you an additional two attempts.
  • Kindly Note: The voucher will not be valid for a second attempt if you pass the exam on your first attempt.

Certified Software Security Tester (CSST) Certificate is valid for life.

CSST™ is a Trademark of GAQM.

Note: The Certified Software Security Tester (CSST)™ Certification has a pre-requisite (Completion of an E-Course is mandatory from GAQMBok portal) as maximum number of questions are drawn from the E-Course in the actual exam.

Download Sample Exam

Course Outline

Module Information - 1

  • Module 1 - Security Risks
  • Module 2 - Asset Identification
  • Module 3 - Assessing Risk Analysis Effectiveness
  • Module 4 - Information Security Policies and Procedures
  • Module 5 - Analysis of Information Security Policies and Procedures
  • Module 6 - Security Auditing and Its Role in Security Testing
  • Module 7 - Security Risk Assessment
  • Module 8 - Security Triad
  • Module 9 - Introduction to Security Testing

Module Information - 2

  • Module 10 - The Purpose of Security Testing
  • Module 11 - The Organizational Context
  • Module 12 - Security Testing Objectives
  • Module 13 - The Difference between Information Assurance and Security Testing
  • Module 14 - The Scope and Coverage of Security Testing Objectives
  • Module 15 - Analysis of Security Approaches
  • Module 16 - Analysis of Failures in Security Test Approaches
  • Module 17 - Stakeholder Identification
  • Module 18 - Improving the Security Testing Practice
Download Brochure

Target Audience

  • Software who want to expand their knowledge of security testing,
  • Security testers who wish to obtain an advanced certification to solidify their knowledge,
  • Security administrators who want to learn more about how to test the security defenses in their organization, and
  • Anyone who wants to learn more about security testing

Registration Process for E-Course or E-Book and Exam

Premium Package
(E-Course Version)

  • Self Explanatory
  • Valid for 40 days
  • This package provides a voucher code granting eligibility for two (2) exam attempts.
  • Includes E-certificate and Digital Badge if you qualify in the exam.
  • Course Duration: 40 Days
  • Price: 220 USD

Exam
Voucher

  • Validity: 240 Days
  • Price: 190 USD
  • Please Read Carefully:

    1) The Exam Voucher is valid for two (2) attempts.

    2) You will receive your voucher code within 24 business hours.

    3) Once you receive the voucher code, you can take the exam via the "My Exam(s)" tab in your login profile.

GAQM

Test-Takers

Policies & Disclosures

Follow Us

GAQM, All rights Reserved.
Copyright © 2026