EC-Council CEH

CEH v4 Domain #5: Web Application Hacking

Greg Belding
November 29, 2021 by
Greg Belding

Organizations that want to maximize the chances of not being another statistic of malicious hacking can hire a certified ethical hacker. These “white hat” hackers test an organization's systems, networks, and overall information security. The Certified Ethical Hacker, or CEH, certification is a well-renowned cert that verifies the knowledge and skills of these “white hat” heroes.

The CEH certification is currently on Exam Blueprint v4.0, which has changed how the domains of knowledge are presented. This article will detail domain #5 of CEH Exam Blueprint v4.0, Web Application Hacking. It will explore what the CEH certification is, changes since the last exam version, who the target audience is, and the content that Domain #5 of the CEH exam certification will cover.

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

What is the CEH certification?

The CEH certification verifies that the holder has a practical understanding of the phases of ethical hacking, the various attack vectors, and the preventative countermeasures used by ethical hackers. It certifies that the holder knows how to think and act like a malicious hacker to better position your organization’s information security measures and better defend against real-world attacks. It is premised on the idea that if you understand vulnerabilities and system weaknesses your organization faces, you can better strengthen system security controls in the face of malicious activity and attacks.

Who is the target audience for CEH?

From a high-level view, any information security professional wants their organization to be better positioned in the face of attacks and malicious activity. Below is a list of roles that typically earn this certification:

  • Information Security Analyst
  • Information Assurance Security Officer
  • Information Security Manager/Specialist
  • Information Systems Security Engineer/Manager
  • Information Security Professionals/Officers
  • Risk/Threat/Vulnerability Analyst
  • Information Security/IT Auditors

What has changed since CEH Exam Blueprint v3?

They say that the only thing constant in life is change, which applies to the new CEH Exam Blueprint. Normally, I offer a side-by-side comparison of the old and new exam versions, but in the case of CEH, so much has changed we will keep it brief. Domain #5 of CEH Exam Blueprint v3.0 was entitled “Procedures/Methodology.” It consisted of two subdomains, making up 8.77% of CEH exam content and accounting for 11 exam questions.

In CEH Exam Blueprint v4.0, domain #5 is titled “Web Application Hacking,” which covers 16% of CEH exam content and represents 20 CEH certification exam questions. The three subdomains of Domain #5 are as follows:

  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection

Let’s explore this content below.

Hacking web servers

  • Web Server Concepts
    • Web Server Security Issues
    • Open Source Web Server Architecture
    • IIS Web Server Architecture

  • Web Server Attacks
    • Attack Types
      • DoS/DDoS Attacks
      • DNS Server Hijacking
      • DNS Amplification Attack
      • Directory Traversal Attacks
      • Man-in-the-Middle/Sniffing Attack
      • Phishing Attacks
      • Website Defacement
      • Web Server Misconfiguration
      • HTTP Response Splitting Attack
      • Web Cache Poisoning Attack
      • SSH Brute-Fore Attack

    • Other Attack Types
      • Cookie Tampering
      • DoS Attack
      • SQL Injection
      • Session Hijacking
      • Cross-site Request Forgery (CRSF) Attack
      • Cross-Site Scripting (XSS) Attack
      • Buffer overflow

  • Web Server Attack Methodology
    • Information Gathering
    • Web Server Footprinting
    • Vulnerability Scanning
    • Session Hijacking
    • Hacking Web Passwords
  • Web Server Attack Tools
  • Web Server Countermeasures
  • Patch Management
  • Web Server Security Tools

Hacking web applications

  • Web App Concepts
    • Server Administrator
    • Application Administrator
    • Client
    • Web 2.0

  • Web App Threats
    • Cookie Poisoning
    • Insecure Storage
    • Information Leakage
    • Directory Traversal
    • Parameter/Form Tampering
    • DOS Attack
    • Buffer Overflow
    • Log Tampering
    • SQL Injection
    • Cross-Site (XSS)
    • Cross-Site Request Forgery
    • Security Misconfiguration
    • Broken Session Management
    • DMZ Attacks
    • Session Hijacking
    • Network Access Attacks

  • Web App Hacking Methodology
    • Footprint Web Infrastructure
    • Analyze Web Applications
    • By-pass Client-side Control
    • Attack Authentication Mechanism
    • Authorization Attack Schemes
    • Attack Access Control
    • Session Management AttackPerform Injection Attacks
    • Attack Database Connectivity
    • Attack Web Client
    • Attack Web Services
    • Web APIs, WebHooks, & Web Shell
  • Footprint Web Infrastructure
  • Analyze web Applications
  • Bypass Client-Side Controls
  • Attack Authentication Mechanism
  • Attack Authorization Schemes
  • Attack Access Controls
  • Attack Session Management Mechanism
  • Preform Injection Attacks
  • Attack Application Logic Flaws
  • Attack Shared Environments
  • Attack Database Connectivity
  • Attack Web App Client
  • Attack Web Services
  • Web API, Webhooks and Web Shell
  • Web App Security

SQL injection

  • SQL Injection Concepts
    • The Scope of SQL Injection
      • Measuring SQL Impact by observing the following parameters:
        • Bypassing Authentication
        • Revealing Sensitive Information
        • Compromising Data Integrity
        • Erasing the Database
        • Remote Code Execution

  • Types of SQL Injection
    • In-band SQLi
    • Inferential SQLi
    • Out-of-band SQLi

  • SQL Injection Methodology
    • Information Gathering and SQL Injection Vulnerability Detection
    • Advanced SQL Injection
  • SQL Injection Tools
  • Evasion Techniques
  • SQL Injection Countermeasures

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!

Learning about domain 5 of CEH

Certified Ethical Hacker, or CEH, is a certification intended for information security professionals who want to bring ethical hacking benefits to their organization. You have to pass the CEH certification exam to earn this certification, which is now operating under the v4.0 Exam Blueprint and has significantly changed the material covered in CEH domain #5, Web Application Hacking Hacking. Use this article as your roadmap to this domain of the CEH exam that you will have to master to earn this ethical hacking certification. 



Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.