
CSTL Web Technologies
The following sections set out the knowledge depth required for a successful pass of the CSTL exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Can identify web servers on a target network and can remotely determine their type and version.
- Has knowledge of vulnerabilities in the following common application frameworks, servers and technologies:
• .NET • J2EE • Coldfusion • Ruby on Rails • NodeJS
- Understands the purpose, operation, limitation and security attributes of web proxy servers.
- Understands and can demonstrate the remote exploitation of web servers.
- Understands the concepts of virtual hosting and web proxies.
- Can use spidering tools and understands their relevance in a web application test for discovering linked content.
- Understands and can demonstrate forced browsing techniques to discover default or unlinked content.
- Can identify functionality within client-side code.
- Understands all HTTP methods and response codes.
- Understands HTTP Header fields relating to security features.
- Understands and can demonstrate the use of web protocols, including:
• HTTP • HTTPS • Web Sockets.
- Understands and can demonstrate HTTP Request Smuggling.
- Understands common web mark-up and programming languages, including:
• .NET • ASP Classic • Perl • PHP • JSP • Python • JavaScript
- Understands and can demonstrate how the insecure implementation of software developed using these languages can be exploited (candidate may select two languages).
- Understands and can demonstrate the use of web-based APIs to remotely access remote services.
- Understands the use of tools and techniques to identify new OS and software vulnerabilities.
- Understands common authentication techniques used in web APIs, e.g. API keys.
- Can demonstrate the use of relevant tools to test APIs, e.g. SoapUI and Postman.
- Understands and can demonstrate how the insecure implementation of web-based APIs can be exploited.
- Understands different common payload formats such as XML and JSON.
- Understands how to interpret definition files, e.g. WSDL and Swagger.
- Can gather information from a web site and application mark-up or programming language, including:
• hidden form fields • database connection strings • user account credentials • developer comments • external and/or authenticated-only URLs.
- Can gather information about a web site and application from the error messages it generates.
- Understands common authentication vulnerabilities, including:
• Transport of credentials over an unencrypted channel
• Testing for username enumeration • Brute-force testing • Authentication bypass
• Session hijacking • Insecure password reset features • Insufficient logout timeout/functionality
• Vulnerable CAPTCHA controls • Race Conditions • Lack of MFA
- Understands common pitfalls associated with the design and implementation of application authorisation mechanisms.
- Understands the importance of input validation and how it can be implemented, e.g. allow-lists, deny-lists and regular expressions.
- Understands the need for server-side validation and the flaws associated with client-side validation.
- Understands fuzzing and its use in web application testing.
- Understands the generation of fuzzing strings and their potential effects, including the dangers they may introduce.
- Understands cross-site scripting (XSS) and can demonstrate the launching of a successful XSS attack.
- Understands the difference between persistent (stored) and reflected XSS.
- Can demonstrate the ability to identify, explain and prove the existence of the following types of network infrastructure vulnerabilities and exposures:
• XXE • XML Injection • LDAP Injection • ORM injection • SSI injection • XPath injection • IMAP/SMTP injection • Code injection • OS Commanding
- Identifying SQL injection.
- Exploiting UNION based injection.
- Exploiting auth bypass (' or 'a'='a).
- Exploiting SQL injection to execute operating system commands or read files.
- Can determine the existence of a blind SQL injection condition in a web application.
- Can exploit a blind SQL injection vulnerability.
- Identifying JWTs.
- Exploiting "none" signature or lack of signature checking in JWTs.
- Understanding the difference between HMAC and public key JWTs.
- Can identify the session control mechanism used within a web application.
- Understands and can exploit session fixation vulnerabilities.
- Understands the security implications of session IDs exposed in URLs.
- Understands the role of sessions in CSRF attacks.
- Identifying low entropy in sessions.
- Brute-forcing weak HMAC keys in JWTs.
- Understands how cryptography can be used to protect data in transit and data at rest, both on the server and client side.
- Understands the concepts of TLS and can determine whether a TLS-enabled web server has been configured in compliance with best practice (i.e. it supports recommended ciphers and key lengths).
- Identification and exploitation of encoded values (e.g. Base64).
- Identification and exploitation of cryptographic values (e.g. MD5 hashes).
- Understands parameter manipulation techniques, particularly the use of client-side proxies.
- Understands and can identify directory traversal vulnerabilities within applications.
- Understands and can identify common vulnerabilities with file upload capabilities within applications.
- Understands the role of MIME types in relation to file upload features.
- Can generate malicious payloads in a variety of common file formats.
- Can assess and exploit vulnerabilities within the functional logic, function access control and business logic of an application.