CSTM Web Technologies

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Can identify web servers on a target network and can remotely determine their type and version.
  • Has knowledge of vulnerabilities in the following common application frameworks, servers and technologies:

    • .NET • J2EE • ColdFusion • Ruby on Rails • NodeJS

  • Understands the purpose, operation, limitation and security attributes of web proxy servers.
  • Understands and can demonstrate the remote exploitation of web servers.
  • Understands the concepts of virtual hosting and web proxies.

  • Can use spidering tools and understands their relevance in a web application test for discovering linked content.
  • Understands and can demonstrate forced browsing techniques to discover default or unlinked content.
  • Can identify functionality within client-side code.

 

  • Understands all HTTP methods and response codes.
  • Understands HTTP Header fields relating to security features.
  • Understands and can demonstrate the use of web protocols, including:

    • HTTP • HTTPS • Web Sockets.

  • Understands common web mark-up and programming languages, including:

    • .NET • ASP Classic • Perl • PHP • JSP • Python • JavaScript

  • Understands and can demonstrate how the insecure implementation of software developed using these languages can be exploited (candidate may select two languages).

  • Understands and can demonstrate the use of web-based APIs to remotely access remote services.
  • Understands the use of tools and techniques to identify new OS and software vulnerabilities.
  • Understands common authentication techniques used in web APIs, e.g. API keys.
  • Can demonstrate the use of relevant tools to test APIs, e.g. SoapUI and Postman.
  • Understands and can demonstrate how the insecure implementation of web-based APIs can be exploited.
  • Understands different common payload formats such as XML and JSON.
  • Understands how to interpret definition files, e.g. WSDL and Swagger.
  • Can gather information from a web site and application mark-up or programming language, including:

    • hidden form fields • database connection strings • user account credentials • developer comments

    • external and/or authenticated-only URLs.

  • Can gather information about a web site and application from the error messages it generates.
  • Understands common authentication vulnerabilities, including:

    • Transport of credentials over an unencrypted channel

    • Testing for username enumeration • Brute-force testing • Authentication bypass

    • Session hijacking • Insecure password reset features • Insufficient logout timeout/functionality

    • Vulnerable CAPTCHA controls • Race Conditions • Lack of MFA

  • Understands common pitfalls associated with the design and implementation of application authorisation mechanisms.

  • Understands the importance of input validation and how it can be implemented, e.g. allow-lists, deny-lists and regular expressions.
  • Understands the need for server-side validation and the flaws associated with client-side validation.

 

  • Understands fuzzing and its use in web application testing.
  • Understands cross-site scripting (XSS) and can demonstrate the launching of a successful XSS attack.
  • Understands the difference between persistent (stored) and reflected XSS.
  • Identifying SQL injection.
  • Exploiting UNION based injection.
  • Exploiting auth bypass (' or 'a'='a).
  • Exploiting SQL injection to execute operating system commands or read files.

  • Can determine the existence of a blind SQL injection condition in a web application.
  • Can exploit a blind SQL injection vulnerability.

  • Identifying JWTs.
  • Exploiting "none" signature or lack of signature checking in JWTs.
  • Understanding the difference between HMAC and public key JWTs.
  • Can identify the session control mechanism used within a web application.
  • Understands and can exploit session fixation vulnerabilities.
  • Understands the security implications of session IDs exposed in URLs.
  • Understands the role of sessions in CSRF attacks.
  • Understands how cryptography can be used to protect data in transit and data at rest, both on the server and client side.
  • Understands the concepts of TLS and can determine whether a TLS-enabled web server has been configured in compliance with best practice (i.e. it supports recommended ciphers and key lengths).
  • Identification and exploitation of encoded values (e.g. Base64).
  • Identification and exploitation of cryptographic values (e.g. MD5 hashes).

  • Understands and can identify directory traversal vulnerabilities within applications.

  • Understands and can identify common vulnerabilities with file upload capabilities within applications.
  • Understands the role of MIME types in relation to file upload features.
  • Can generate malicious payloads in a variety of common file formats.
  • Can assess and exploit vulnerabilities within the functional logic, function access control and business logic of an application.