Advanced Security Tester Business Outcomes
Advanced Level testers who have passed the “Advanced Security Tester” module exam should be able to accomplish the following Business Objectives:
- Plan, perform and evaluate security tests from a variety of perspectives – policy-based, risk-based, standards-based, requirements-based and vulnerability-based.
- Align security test activities with project lifecycle activities.
- Analyze the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels.
- Evaluate the existing security test suite and identify any additional security tests.
- Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
- For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Identify areas where additional or enhanced security testing may be needed.
- Evaluate effectiveness of security mechanisms.
- Help the organization build information security awareness.
- Demonstrate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and understanding how evidence of the attack could be deleted.
- Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Analyze and document security test needs to be addressed by one or more tools.
- Analyze and select candidate security test tools for a given tool search based on specified needs.
- Understand the benefits of using security testing standards and where to find them.