Exam Syllabus: CSTM

Understands backported patches, and the effect they have on scanning tools

Can obtain operating system patch levels on UNIX-like and Windows operating systems.

Keep accurate records of changes made to the systems during an assessment

Understanding of the different types of testing (blackbox, whitebox, etc) and their relative advantages and disadvantages

Understands the security implications of session IDs exposed in URLs

Understands the need for server-side validation and the flaws associated with client-side validation

Can demonstrate the mapping of a network using a range of tools, such as traceroute, traceroute and ping, and by querying active searches, such as DNS and SNMP servers

Understands the security implications of shared media and can exploit its vulnerabilities during a penetration test

Can assess and exploit vulnerabilities within the functional logic, function access control and business logic of an application

Can generate malicious payloads in a variety of common file formats