Offensive Security OSWA (WEB-200)
WEB-200 teaches students how to discover and exploit common web vulnerabilities, and how to exfiltrate sensitive data from target web applications. Students will obtain a wide variety of skill sets and competencies for web app assessments. Students who complete the course and pass the associated exam earn the Offensive Security Web Assessor (OSWA) certification, demonstrating their ability to leverage modern web exploitation techniques on modern applications. A certified OSWA candidate is prepared to take on the Advanced Web Attacks and Exploitation (WEB-300) course.
Training at a glance
Level
Intermediate
Duration
5 Days
Experience
4 years: Kali Linux
Average Salary
$153,000
Labs
Yes
Training Details
- Tools for the Web Assessor
- Cross Site Scripting (XSS) Introduction and Discovery
- Cross Site Scripting (XSS) Exploitation and Case Study
- Cross Origin Attacks
- Introduction to SQL
- SQL Injection (SQLi) and Case Study
- Directory Traversal
- XML External Entity (XXE) Processing
- Server Side Template Injection (SSTI)
- More Topics added monthly*
*The OffSec Training Library will be updated continuously with new Topics on an approximately monthly cadence. Not every course or content area will receive an update every month, but some course or content area will receive an update approximately monthly.
- Module 1: Secrets of Success with WEB200
- Module 2: Tools
- Module 3: Cross-Site Scripting Introduction and Discovery
- Module 4: Cross-Site Scripting Exploitation and Case Study
- Module 5: Cross-Origin Attacks Same-Origin Policy
- Module 6: SQL Injection
- Module 7: Directory Traversal Attacks
- Module 8: XML External Entities
- Module 9: Server-side Template Injection - Discovery and Exploitation
- Module 10: Command Injection
- Module 11: Server-side Request Forgery
- Module 12: Insecure Direct Object Referencing
- Module 13: Assembling the Pieces: Web Application Assessment Breakdown
- Students will obtain a wide variety of skill sets and competencies for Web App Assessments
- Students will learn foundational Black Box enumeration and exploitation techniques
- Students will leverage modern web exploitation techniques on modern applications
- Job roles like: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members
- Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise
- All prerequisites for WEB-200 can be found within the OffSec Fundamentals Program, included with a Learn One or Learn Unlimited subscription
- Prerequisite Topics include:
- PEN-100: Web Application Basics
- PEN-100: Linux 1 & 2
- PEN-100: Networking Basics
- Course Materials
- Active Student Forums
- Access to Home Lab Setup
Also available in On-Demand formats below:
Learn Fundamentals Package – $799
- 1 year unlimited access to all fundamental content and OffSec curated Learning Paths
- 365 days of lab access
- PEN-103 + 1 KLCP exam attempt
- PEN-210 + 1 OSWP exam attempt
- Easily upgrade at any time to a Learn One subscription.
OR
Learn One Package – $2,599
- 1 year of access to the course of your choice
- 2 exam attempts during your subscription
- 365 days of lab access
- Access to all 100-level content for 1 year
- 1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
- PEN-103 + 1 KLCP exam attempt
- PEN-210 + 1 OSWP exam attempt
- Proving Grounds Practice labs
OR
Learn Unlimited Package – $5,799
- 1 year of access to unlimited course & content
- Unlimited exam attempts during your subscription
- 365 days of lab access
- 1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
- Access to all 100-level content for 1 year
- PEN-103 + unlimited KLCP exam attempts
- PEN-210 + unlimited OSWP exam attempts
- Proving Grounds Practice labs
- 3 downloads of course material
PROUD OFFSEC PARTNERSHIP
We Offer More Than Just OffSec Training
That’s because we provide everything you need to succeed. This is true for all of our courses.
Strategic Planning & Project Management
From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.
IT & Cybersecurity
ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.
Leadership & Management
Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.