
Certified Tester Expert Level Modules Overview
International Software Testing Qualifications Board

Certified Tester

Expert Level

Modules Overview

Version 1.1, 12th April 2013

International Software Testing Qualifications Board

Copyright Notice
This document may be copied in its entirety, or extracts made, if the source is acknowledged.

Version 1.1 Page 1 of 23 April 12th 2013


© International Software Testing Qualifications Board

Copyright © International Software Testing Qualifications Board (hereinafter called ISTQB®).

Expert Level Working Group: Graham Bath, Rex Black, Marcel Kwakernaak, Judy McKay, Andrew
Pollner, Randall Rice, Erik van Veenendaal, 2010


Revision History
Version Date Remarks
0.1 November 16th 2010 Initial version for review
0.2 January 1st 2011 Review comments incorporated
1.0 March 11th 2011 Released at Prague GA
1.1 April 12th 2013 Released at Toronto GA
• Updates resulting from decision to divide ITP and TM syllabi into parts
• Additional text for BO TM3 to improve mapping to LOs
• Revised BOs for Test Automation
• Additional section for security testing


Revision History
Acknowledgements
1. Introduction
1.1 Intended audience
1.2 The Testing Expert
1.3 Modular structure of the Expert Level
1.4 Other relevant documents
1.5 Expert Level syllabi and their parts
2. Overview of Expert Level Modules
2.1 Module: Improving the Test Process
2.1.1 Content
2.1.2 Parts
2.1.3 Business Outcomes
2.1.4 Syllabus coverage of parts
2.2 Module: Test Management
2.2.1 Content
2.2.2 Parts
2.2.3 Business Outcomes
2.2.4 Syllabus coverage of parts
2.3 Module: Test Automation
2.3.1 Content
2.3.2 Parts
2.3.3 Business Outcomes
2.3.4 Syllabus coverage of parts
2.4 Module: Security Testing
2.4.1 Content
2.4.2 Business Outcomes
3. Abbreviations
4. References
4.1 Trademarks
4.2 Documents and Web-Sites


Acknowledgements

This document was produced by the International Software Testing Qualifications Board Expert Level
Working Group:
Graham Bath (chair)
Rex Black
Marcel Kwakernaak
Judy McKay (vice chair)
Andrew Pollner
Randall Rice
Erik van Veenendaal

The authors thank the review team and all National Boards for their suggestions and input.

The following persons participated in the reviewing, commenting and balloting of this document
(alphabetical order):
Graham Bath
Johannes Bergmann
Rex Black
Kari Kakkonen
Beata Karpinska
Marcel Kwakernaak
Judy McKay
Thomas Müller
Ingvar Nordström
Joanna Nowakowska
Andrew Pollner
Andrea Rott
Hans Schaefer
Mike Smith
Erik van Veenendaal
Xiong Xiaohong

This document was formally released by the General Assembly of ISTQB® on 12th April 2013.


1. Introduction

1.1 Intended audience


This overview document is intended for anyone with an interest in the ISTQB Expert Level who wants
a high-level introduction to its leading principles and an overview of the individual Expert Level
modules.
Business owners and managers in human resources departments will particularly benefit from the
description of business outcomes for the subjects covered at Expert Level.

1.2 The Testing Expert


Before going into the ISTQB Expert Level, we should define what it means to be a testing expert.
The testing expert:
An expert is a person with the special skills and knowledge representing mastery of a particular testing
subject. Being an expert means possessing and displaying special skills and knowledge derived from
training and experience.
A testing expert is one who has a broad understanding of testing in general, and an in-depth
understanding of a specific test area. An in-depth understanding means sufficient knowledge of testing
theory and practice to be able to influence the direction that an organization and/or project takes when
creating, implementing and executing testing activities related to the specific area.
It is important to emphasize that an expert must embody both knowledge and the necessary skills to
apply that knowledge in real-life situations.
It is expected that in the future possessing an ISTQB Expert Level certificate will also allow those
experts to use the Certified Tester Expert Level (CTEL) acronym.

1.3 Modular structure of the Expert Level


There is a common understanding that an expert is often an expert in only a certain area of testing.
This requires an ISTQB multi-module Expert Level.
The Expert Level follows a testing-based structure for the modules, e.g. test management, test
automation, test process improvement.
As with the Advanced Level, the Expert Level defines separate syllabi for each module. Each syllabus
is supported by clear business outcomes and learning objectives.
In this document each Expert Level module is described with the following information:
Module content:
The syllabus content for each module (and its constituent parts) is described in summary form. The
individual learning objectives and their allocation to a particular syllabus part are described.
Business outcomes:
These provide an overview and statement of what can be expected from an expert in the particular
subject area, (e.g. an expert test manager), and will particularly benefit businesses who are
considering the development of specific Expert Level skills.


1.4 Other relevant documents


Please note that the Rules and Recommendations relating to the Expert Level are described in a
separate document [ISTQB-EL-Rules-and-Recs].
Section 4.2 lists the documents referred to in this overview.

1.5 Expert Level syllabi and their parts


The following Expert Level modules are either released or being developed:
• Improving the testing process
• Test management
• Test automation
• Security testing

The following subjects are currently considered as potential candidates for future development (in
alphabetic order):
• Performance testing
• Static testing
• System integration
• Test design techniques
• Usability testing

Other subjects may be developed as the need arises. Additional sections will be added to this
overview document as further modules become defined.
Each Expert Level syllabus is divided into parts, with each part being examined separately. Training
courses may cover an entire syllabus or an individual part.
The syllabi and parts are defined in the following table:

| Module/Syllabus | Part | Required Advanced Level Certificate | Course duration (days) |
|---|---|---|---|
| Improving the testing process | 1. Assessing test processes | Test Manager | 5 |
| | 2. Implementing test process improvement | Test Manager | 4 |
| Test management | 1. Strategic Test Management | Test Manager | 3 |
| | 2. Operational Test Management | Test Manager | 4 |
| | 3. Managing the Test Team | Test Manager | 4 |
| Test automation | 1. Test automation management | Test Manager | 3 |
| | 2. Test automation engineering | Technical Test Analyst | 4 |
| Security testing | (not divided into parts) | Technical Test Analyst | 5 |


The following diagram shows the overall Certified Tester syllabus structure with the Expert Level
modules and their individual parts (abbreviated names are used).

The diagram shows required certifications and the career paths currently available. These will be
developed as more Expert Level modules are added.


2. Overview of Expert Level Modules

2.1 Module: Improving the Test Process

2.1.1 Content
The syllabus [ISTQB-ITP-Syllabus] starts with an introduction to the fundamental issues concerning
improvement to the test process. Basic questions like “why improve testing?” and “what can be
improved?” are considered and the different ways that stakeholders can view quality are described.
There are a number of different approaches which can be applied to improving the test process;
overviews of these approaches are provided.
Model-based improvement is considered in depth by first examining fundamental aspects of using
models and then describing and comparing a number of well known test improvement models.
Analytical approaches to improving the test process, such as causal analysis, are covered in as much
detail as the model-based approaches. Metrics play a significant role in analytical approaches so a
number of these are covered, together with an approach to using metrics effectively e.g., the GQM-
approach.
An expert in this field will be expected to select the right approach for a given situation. The factors to
consider are covered and the relative benefits of each approach are compared.
The task of improving test processes is itself a process which can be described in several steps,
including the setting of scope and objectives for improvement, assessing the current situation,
analyzing results, performing solution analysis, suggesting improvements and priorities, creating an
improvement plan, implementing the plan and gaining knowledge from each improvement cycle. The
syllabus details each of these steps according to a standard process definition.
Different organizational forms for implementing improvements to the test process are covered, including
the impact of offshoring on those organizations. The typical roles to be found in these organizations
are described and the wide range of different skills required for effectively performing those roles is
detailed.
Management of change is essential in rolling out improvements to the test process into projects and
organizations. In particular, the human factors in the change management process are covered in the
syllabus. A wide range of different skills is covered including those needed for effective interviewing
and for performing analysis.
The syllabus concludes with a detailed consideration of critical success factors.

2.1.2 Parts
The Expert Level Improving the Test Process syllabus consists of the following parts:

Part 1: Assessing the test process. Principal focus:
• Different approaches to test process improvement
• Assessing test processes using models
• Analytical approaches to test process assessment
• Creating improvement recommendations

Part 2: Implementing test process improvement. Principal focus:
• Creating and implementing a test improvement plan
• Organizing the test process improvement effort (roles, organizational forms)
• Required skills
• Managing change


2.1.3 Business Outcomes


The expert test process improver is able to perform each of the following tasks:

Part 1: Assessing test processes


TP1.1 Lead programs for improving the test process within an organization or project and can identify
and manage critical success factors
TP2 Take appropriate business-driven decisions on how to approach improvement to the test
process
TP3 Assess the current status of a test process, propose step-wise improvements and show how
these are linked to achieving business goals
TP5 Analyze specific problems with the test process and propose effective solutions

Part 2: Implementing test process improvement


TP1.2 Lead programs for implementing test process improvements within an organization or project
and can identify and manage critical success factors
TP4 Set up a strategic policy for improving the test process and implement that policy
TP6 Create a test improvement plan which meets business objectives
TP7 Develop organizational concepts for improvement of the test process which include required
roles, skills and organizational structure
TP8 Establish a standard process for implementing improvement to the test process within an
organization
TP9 Manage the introduction of changes to the test process, including co-operation with the
sponsors of improvements
TP10 Understand and effectively manage the human issues associated with assessing the test
process and implementing necessary changes


2.1.4 Syllabus coverage of parts

The following tables show the chapters and sections of the Improving the Test Process syllabus which
relate to the two parts.

Part 1: Assessing test processes

Chapter/Section Title
2 The context of improvement
3 Model-based improvement
4 Analytical-based improvement
5 Selecting test process improvement approaches
6.2 Initiating the improvement process
6.3 Diagnosing the current situation

Part 2: Implementing test process improvement

Chapter/Section Title
6.1 Process for improvement: Introduction
6.4 Establishing a test improvement plan
6.5 Acting to implement improvement
6.6 Learning from the improvement program
7 Organization, Roles and Skills
8 Managing change
9 Critical Success Factors
10 Adapting to different Life-Cycle models


2.2 Module: Test Management

2.2.1 Content

The syllabus [ISTQB-TM-Syllabus] starts by considering the purpose of testing or the test mission, and
the relation between the test policy, the test strategy and the test objectives. The expert test manager
is considered to be able to utilize and adapt all available methods to define and meet testing
objectives. Furthermore, an expert test manager is expected to be able to design a specific method or
approach to meet those objectives and to gain and maintain early management commitment.

Managing the test team and managing testing throughout the organization are addressed extensively
and special attention is given to the various project management tasks that would apply at the expert
test management level. The test manager’s role in performing risk management (risk assessment
workshops and risk mitigation management), reviews, assessments, quality gate evaluation, quality
assurance and audits is covered in detail. How to report test results and how to interpret results by
evaluation of exit criteria is elaborated upon. The metrics that are presented in a Key Performance
Indicator (KPI) dashboard and play a crucial role in the management of the test process are described.

The expert test manager is expected to select or create, evaluate and improve the most appropriate
approach for a given situation, which implies that several right approaches can occur simultaneously,
of which no individual approach stands out significantly. It is up to the expert test manager to find a
suitable approach or combination of approaches which fit the organization in order to meet or exceed
the given objectives.

Different ways to organize testing as well as different types of projects for test management, including
vendor management, are covered. Typical test management topics such as incident management,
test project evaluation and tools for reporting and test management are addressed in depth.

The syllabus concludes with an overview of special test management considerations for different
domains and project factors.

2.2.2 Parts
The Expert Level Test Management syllabus consists of the following parts:

Part 1: Strategic Test Management. Principal focus:
• Establishing test management within the organization.
• Test mission, test policy, test strategy, test objectives

Part 2: Operational Test Management. Principal focus:
• Optimal implementation of test management principles in an organization

Part 3: Managing the Test Team. Principal focus:
• Building and managing the most appropriate team of testing staff for an organization.
• Locating, screening, hiring, developing skills


2.2.3 Business Outcomes


The expert test manager is able to perform each of the following tasks:

Part 1: Strategic Test Management


TM2 Define organizational test policy, select and implement appropriate test strategies to meet
business objectives and quality goals.
TM3 Unify and merge disparate test approaches and test management, and define and implement
efficient and effective organization-wide strategies which consider different lifecycle models
and project types.
TM6 Define a tool strategy for the testing organization, including migration, conversion, integration,
training, efficiency and process modification.

Part 2: Operational Test Management


TM1 Position, represent and promote the testing organization and its role in the production of
quality software.
TM4 Integrate information from multiple sources to determine realistic estimating and scheduling
options to achieve a product with a given quality level.
TM5 Communicate effectively at any level in the organization regarding all aspects of software
testing.
TM7 Determine the most effective testing process considering product, lifecycle, regulatory
requirements, standards, organizational factors, schedules and budgets
TM10 Derive a metrics tracking and reporting scheme that will address the information needs of
internal and external stakeholders.

Part 3: Managing the Test Team


TM1 Position, represent and promote the testing organization and its role in the production of
quality software.
TM5 Communicate effectively at any level in the organization regarding all aspects of software
testing.
TM8 Maximize efficiency by selecting the appropriate mix of personnel considering skill levels,
staffing options, location of resources and management structure
TM9 Screen, hire, develop and manage a test team for maximum efficiency.

Note that different aspects of business outcomes TM1 and TM5 are addressed in part 2 and part 3.


2.2.4 Syllabus coverage of parts

The following tables show the chapters and sections of the Test Management syllabus parts.

Part 1: Strategic Test Management

Chapter/Section Title
2.2 Mission, Policy, and Metrics of Success
2.3 Test Strategies
2.4 Alignment of Test Policy and Test Strategy with the Organization
4.6 Merging Test Strategies
5.7 Integrating Tools Across the Organization
6.4 Quality Management
8.1 Test Management Considerations for Lifecycle Models
8.2 Managing Partial Lifecycle Projects
9.3 Effectiveness, Efficiency and Satisfaction Metrics for the Test Policy
Objectives

Part 2: Operational Test Management

Chapter/Section Title
4.2 Types of External Relationships
4.3 Contractual Issues
4.4 Communication Strategies
4.5 Integrating from External Sources
4.7 Verifying Quality
5.5 Creating and Building Relationships
6.2 Project Management Tasks
6.3 Project Risk Management
7.2 Tracking Information
7.3 Evaluating and Using Information - Internal Reporting
7.4 Sharing Information - External Reporting
7.5 Test Results Reporting and Interpretation
7.6 Statistical Quality Control Techniques
8.3 Release Considerations
9.2 Effectiveness, Efficiency and Satisfaction Metrics for the Test Process
9.4 Project Retrospectives


Part 3: Managing the Test Team

Chapter/Section Title
3.2 Building the Test Team
3.3 Developing the Test Team
3.4 Leading the Test Team
5.2 Advocating the Test Team
5.3 Placement of the Test Team
5.4 Stakeholder Communication
5.6 Advocating Quality Activities Across the Organization
5.8 Handling Ethical Issues


2.3 Module: Test Automation

2.3.1 Content
The syllabus [ISTQB-TA-Syllabus] defines test automation, the scope covered, and objectives. There
are a number of different tools and technologies available to assist test projects in managing,
executing, and reporting testing. Basic questions like “why would you use automation?”, “how would
you use automation?”, and “when would you use automation?” are addressed.
Strategies for successful implementation of automated testing tools are covered extensively beginning
with an assessment and evaluation of economic benefit. Discussion of generic automated testing
architectures and how they can aid in the development, deployment, and maintainability of automated
scripts is covered along with specific planning activities surrounding implementation which affect
staffing, tools, and schedule.
An expert in the field of test automation will have the understanding to know what tools should be
applied during what phase of the testing lifecycle and which approach should be used to ensure a
successful implementation for any given situation.
Tools covered in the Test Automation Module include, but are not limited to those used for functional
testing, regression testing, and test management. Performance testing is covered briefly, as a future
Expert Level Syllabus may be dedicated to Performance Testing exclusively. The analysis and
recommendations are tool agnostic, as tools from different vendors have similar capability and
complementary features.
Techniques, based on best practices including automation frameworks, are described to ensure the
successful and efficient implementation of testing tools and the skills necessary to develop and
maintain an automated test environment.
Secondary uses of test automation are also discussed. These include, but are not limited to:
automated configuration management of test artifacts, automatic metrics gathering and test reporting,
automated creation and management of test data sets, and automatic defect reporting.
The process of automating test scripts in order to create a sustainable regression test suite can be
described in several steps. There are specific roles and responsibilities for test teams wishing to
incorporate automation into the overall testing process including the detailed consideration of critical
success factors.

2.3.2 Parts
The Expert Level Test Automation syllabus consists of the following parts:

Part 1: Test Automation Management. Principal focus:
• Establishing an automation strategy
• Identifying risks and benefits
• Evaluating goals and objectives
• Creating an implementation plan

Part 2: Test Automation Engineering. Principal focus:
• Planning for automation
• Understanding a generic automated test architecture
• Creating a purpose-built architecture
• Strategies for implementation
• Automated reporting and metrics collection


2.3.3 Business Outcomes


The test automation expert is able to perform each of the following tasks, as outlined across the
Management and Engineering syllabi:

Syllabus I: Test Automation - Management


TA-M1 Develop a test automation policy and strategy appropriate for the organization
TA-M2 Create a business case which outlines the costs and benefits to be expected from introducing
and sustaining test automation.
TA-M3 Develop a plan to integrate automated testing within the testing process
TA-M4 Oversee the evaluation of tools and technology for automation best fit to each project and
organization
TA-M5 Manage the test automation resources to implement and sustain an effective test automation
program
TA-M6 Define and gather metrics to effectively report progress of the test automation program
TA-M7 Apply findings to improve the test automation process

Syllabus II: Test Automation - Engineering


TA-E1 Contribute to the development of a plan to integrate automated testing within the testing
process
TA-E2 Evaluate tools and technology for automation best fit to each project and organization
TA-E3 Create an approach and methodology for building a test automation architecture (TAA)
TA-E4 Design and develop (new or modified) test automation solutions that meet the business needs
TA-E5 Create automated test reporting and metrics collection
TA-E6 Manage and optimize testing assets to facilitate maintainability and address evolving (test)
systems


2.3.4 Syllabus coverage of parts

The following tables show the chapters and sections of the Test Automation syllabus which relate to
the two parts.

Part 1: Test Automation Management

Chapter/Section Title
2.2 Identifying Risks and Benefits of Test Automation
2.3 Strategic Considerations
2.4 Focusing the Automation Effort
3.2 Objectives and Goals
3.3 Planning the Effort
4.2 Succeeding at the Project Level
4.3 Controlling the Test Automation
4.4 Improving the Test Automation Process
5.0 Managing the Test Automation Team
5.2 Roles and Staffing
5.3 Training

Part 2: Test Automation Engineering

Chapter/Section Title
1. Introduction and Objectives for Test Automation
2. Planning for Automation
3. Generic Test Architecture
4. Implementation Strategies
5. Test automation reporting and metrics
6. Transitioning manual testing to an automated environment
7. Verifying the Test Automation Solution
8. Continuous Improvement


2.4 Module: Security Testing

2.4.1 Content
The syllabus [ISTQB-ST-Syllabus] is designed to prepare people to effectively design and perform
security tests that mitigate security risks for specific system and organization needs. A lifecycle
approach to security testing is reinforced by describing security test activities at each stage of a
project.
The broad objective of security testing is to test and evaluate the effectiveness of security protocols in
preventing security attacks. For example, the presence and strength of encryption is within the scope
of this syllabus, but the testing of the encryption algorithm is beyond the scope of the syllabus.
This syllabus addresses the available types of security test tools and how to understand the tool
needs for an organization so that an informed evaluation can be performed.
Human factors are a major element of security risks and testing, so specific treatment of these factors
is also covered in the syllabus.
Finally, security standards are examined since they form an important basis of security risk mitigation
and security testing.
The current syllabus outline (9th February 2013) is shown in the table below.

Chapter                                       Section
Security Test Purposes, Goals and Strategies  The Purpose of Security Testing
                                              The Organizational Context
                                              Security Testing Objectives
                                              The Impact of Security Testing
                                              Security Testing Strategies
                                              Improvement of Security Testing Practices
                                              Alignment of Security Testing
                                              Advocating Security Testing
The Scope of Security Testing                 Security Risks
                                              Understanding Stakeholder Needs In The Security Testing Processes
Security Testing Processes                    Security Test Process Definition
                                              Security Test Planning
                                              Security Test Design
                                              Security Test Execution

The current security testing syllabus outline (9th February 2013), continued:

Chapter                                       Section
Testing Security Protocols                    Authentication
                                              Encryption
                                              Firewalls
                                              Intrusion Detection
                                              Virus Scanning
                                              Data Obfuscation
                                              Information Security Policies and Procedures
Security Life Cycle Phases                    Understanding the Security Development Lifecycle
                                              The Role of Security Testing in Early Development Activities
                                              The Role of Security Testing in Implementation Activities
                                              The Role of Security Testing in Verification Activities
Human Factors in Security Testing             Understanding the Attackers
                                              Social Engineering
                                              Ethical Hacking
Security Test Evaluation and Reporting        Security Test Evaluation
                                              Security Test Reporting
                                              Designing a Security Test Dashboard
                                              Security Test Analysis and Reporting
Security Testing Tools                        Types and Purposes of Security Testing Tools
                                              Tool Selection
                                              Tool Implementation
                                              Tool Maintenance and Support
Standards and Industry Trends                 Security Standards
                                              Security Testing Standards
                                              Industry Trends

2.4.2 Business Outcomes


The expert security tester is able to perform each of the following tasks:
ST1 Lead the security test planning and security test design within an organization, project or
program to identify and manage security risks and to comply with organizational security
policies
ST2 Assess the current status of security risks and design security tests and preventative steps to
mitigate identified security risks throughout the project lifecycle
ST3 Evaluate the effectiveness of existing internal controls, security protocols and security tests
ST4 Align project and organizational security tests with the appropriate security policies and
security risks
ST5 Integrate security test activities to support the information assurance processes in an
organization
ST6 Design and perform security tests for a particular technology and system context, such as
mobile computing, safety critical systems and financial systems
ST7 Define requirements and evaluation criteria for appropriate security test tools in a given project
and organizational context
ST8 Set up a strategic policy for security testing, and implement that policy in an organization
ST9 Create a security test plan that integrates with a master test plan
ST10 Develop innovative concepts for security testing that include required roles, skills,
methodologies and tools.
ST10 Establish appropriate procedural controls to mitigate system security risks at the business
process level
ST10 Understand and apply relevant security standards to the security testing processes in an
organization
ST10 Understand and effectively manage the human issues associated with security testing

3. Abbreviations

Abbreviation Meaning
GQM Goal-Question-Metric
ISTQB International Software Testing Qualifications Board
LO Learning Objective

4. References

4.1 Trademarks
The following registered trademarks and service marks are used in this document:

ISTQB® is a registered trademark of the International Software Testing Qualifications Board

4.2 Documents and Web-Sites


Identifier                 Reference
[ISTQB-EL-Rules-and-Recs]  ISTQB Expert Level Rules and Recommendations, Version 1.0, 11th March 2011
[ISTQB-ITP-Syllabus]       ISTQB Expert Level Syllabus: Improving the Test Process, Version 1.0.2, 16th April 2010. Available from [ISTQB-Web]
[ISTQB-ST-Syllabus]        ISTQB Expert Level Syllabus: Security Testing. Currently under development.
[ISTQB-TM-Syllabus]        ISTQB Expert Level Syllabus: Test Management, Version 1.0, 1st November 2011. Available from [ISTQB-Web]
[ISTQB-TA-Syllabus]        ISTQB Expert Level Syllabus: Test Automation. Currently under development.
[ISTQB-Web]                Web site of the International Software Testing Qualifications Board. Refer to this website for the latest ISTQB Glossary and syllabi. (www.istqb.org)
