Chapter 6 – Test Tools
Security Testing Tool – ISTQB Definition
Last Updated: July 12, 2026 · SoftwareTestPilot QA Team
Official ISTQB Definition
A tool that supports operational security by scanning for vulnerabilities, misconfigurations, or attack surfaces.
In simple words
Burp Suite, OWASP ZAP, Nessus — scan for vulnerabilities and simulate attacks.
Exam tip
Security tools split into SAST (static), DAST (dynamic), IAST and RASP.
Related terms
- Security TestingTrying to break in, leak data, or escalate privileges — before an attacker does.
- Attack TestingDeliberately attack the system the way a real attacker would — SQL injection, XSS, buffer overflows.
- Static Analysis ToolSonarQube, ESLint, SpotBugs — analyzes code without running it and flags problems.
Practice this term in the ISTQB Mock Test
40 CTFL v4.0 questions, 60-minute timer, instant scoring and chapter-wise breakdown.
Practice in Mock Test