- Plan, perform, and evaluate security tests from a variety of perspectives.
- Evaluate an existing security test suite and identify any additional security tests needed.
- Analyze a given set of security policies and procedures, along with security test results, to determine effectiveness.
- For a given project scenario, identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Identify areas where additional or enhanced security testing may be needed.
- Evaluate effectiveness of security mechanisms.
- Help the organization build information security awareness.
- Demonstrate the attacker mentality by discovering key information about a target, performing the actions a malicious person would perform on a test application in a protected environment, and understanding how evidence of the attack could be deleted.
- Analyze a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Analyze and document security test needs to be addressed by one or more tools.
- Understand the role of security standards (including security test standards), where to find them, and how to stay current with security developments worldwide.
- Security testers
- Software testers who wish to develop a specialty in security testing
- Security administrators who wish to learn how to test new and existing defenses
- Developers who want to learn secure coding techniques
- Project managers who want to learn how security testing fits in the project lifecycle