
OSWA OffSec Web Assessor - Foundational Web Application Assessments with Kali Linux (WEB-200)

post-event
price $8,500
Offensive security
Jon Michael Mancao
Advanced
5 Days
Penetration Testing
Sat 18 Nov - Wed 22 Nov

Summary

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications.

This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners who complete the course will obtain a wide variety of skill sets and competencies for web app assessments.

Detailed Description

Learn the foundations of web application assessments with Offensive Security’s new course, Web Attacks with Kali Linux (WEB-200).
WEB-200 teaches students how to discover and exploit common web vulnerabilities, and how to exfiltrate sensitive data from target web applications. Students will obtain a wide variety of skill sets and competencies for web app assessments.

Students who complete the course and pass the associated exam earn the Offensive Security Web Assessor (OSWA) certification, demonstrating their ability to leverage modern web exploitation techniques on modern applications. A certified OSWA candidate is prepared to take on the Advanced Web Attacks and Exploitation (WEB-300) course.

Benefits

  • Perform stored and reflected XSS 
  • Attack four common database management systems with SQLi 
  • Exploit six different templating engines with SSTI, often leading to RCE

Agenda / Topics to be Covered

This course covers the following topics. View the full syllabus: https://www.offsec.com/documentation/WEB-200-Syllabus.pdf

  • Tools for the Web Assessor
  • Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
  • Cross-Site Request Forgery (CSRF)
  • Exploiting CORS Misconfigurations
  • Database Enumeration 
  • SQL Injection (SQLi)
  • Directory Traversal
  • XML External Entity (XXE) Processing
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Command Injection
  • Insecure Direct Object Referencing
  • Assembling the Pieces: Web Application Assessment Breakdown

Target audience / Who should take this course

  • Job roles like: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, SOC Analysts, and other blue team members
  • Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise

Student requirements [knowledge pre-requisites]:

  • All prerequisites for WEB-200 can be found within the OffSec Fundamentals Program, included with a Learn subscription
  • Prerequisite topics include:
      • WEB-100: Web Application Basics
      • WEB-100: Linux Basics 1 & 2
      • WEB-100: Networking Basics

What students should bring with them to the class: 

  • Laptop

What students will be provided with onsite:  

  • Wi-Fi Internet

About the Exam 

  • The OSWA exam is a proctored exam
  • The WEB-200 course and online lab prepare you for the OSWA certification