OffSec

Advanced Web Attacks and Exploitation Training

WEB-300

Advanced Web Attacks and Exploitation (WEB-300)

We are a Premier Provider of WEB-300 OffSec OSWE Training. In Advanced Web Attacks and Exploitation, you will learn white box web app pentesting methods. The bulk of your time will be spent analyzing source code, decompiling Java, debugging DLLs, manipulating requests and more, using tools like Burp Suite, dnSpy, JD-GUI, Visual Studio, and the trusty text editor.

Training at a glance

Level

Intermediate

Duration

5 Days

Experience

2 years: Programming & Security

Average Salary

$112,301

Labs

Yes

Level

Intermediate

Duration

5 Days

Experience

2 years: Programming & Security

Average Salary

$112,301

Labs

Yes

Training Details

Course Overview

Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security review course. We teach the skills needed to conduct white box web app penetration tests.

With the 2021 update, WEB-300 now features three new modules, updated existing content, new machines, plus refreshed videos.

Students who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification, demonstrating mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the new OSCE3 certification, along with the OSEP for advanced pentesting and the OSED for exploit development.

Course Outline

The course covers the following topics.

Cross-Origin Resource Sharing (CORS) with CSRF and RCE
JavaScript Prototype Pollution
Advanced Server-Side Request Forgery (SSRF)
Web security tools and methodologies
Source code analysis
Persistent cross-site scripting
Session hijacking
.NET deserialization
Remote code execution
Blind SQL injection
Data exfiltration
Bypassing file upload restrictions and file extension filters
PHP type juggling with loose comparisons
PostgreSQL Extension and User Defined Functions
Bypassing REGEX restrictions
Magic hashes
Bypassing character restrictions
UDF reverse shells
PostgreSQL large objects
DOM-based cross site scripting (black box)
Server-side template injection
Weak random token generation
XML external entity injection
RCE via database functions
OS command injection via WebSockets (black box)

Intended Audience

All students are required to have:

Comfort reading and writing at least one coding language (Java, .NET, JavaScript, Python, etc)
Familiarity with Linux: file permissions, navigation, and editing and running scripts
Ability to write simple Python / Perl / PHP / Bash scripts
Experience with web proxies such as Burp Suite and similar tools
General understanding of web app attack vectors, theory, and practice
Experienced penetration testers who want to better understand white box web app pentesting
Web application security specialists
Web professionals working with the codebase and security infrastructure of a web application

Prerequisites

Comfort reading and writing at least one coding language
Familiarity with Linux
Ability to write simple Python / Perl / PHP / Bash scripts
Experience with web proxies
General understanding of web app attack vectors, theory, and practice

Features

Course Materials
Active Student Forums
Access to Home Lab Setup
Instructors with decades of cumulative real world experience</>

Learn One Package – $2,499

One course
365 days of lab access
Two exam attempts
Plus exclusive content

Learn Unlimited Package – $5,499

All courses
365 days of lab access
Unlimited exam attempts
Plus exclusive content

Follow-On Courses

PEN-300: Advanced Evasion Techniques and Breaching Defenses

SOC-200: Foundational Security Operations and Defensive Analysis

EXP-301: Windows User Mode Exploit Development

EXP-312: Advanced macOS Control Bypasses

EXP-401: Advanced Windows Exploitation

Upcoming Classes

PROUD OFFSEC PARTNERSHIP

We are proud to be an OffSec Learning, Government, and Channel Partner. We pride

ourselves on providing award winning boot camps and direct mentoring in our classrooms,

Online Live or at your location. The only immersive Authorized Instructor-Led OffSec

training available – join us today.

Black Hat USA Delivery Partner

Learn more about our Authorized OffSec training courses at
BLACK HAT USA 2024!

We Offer More Than Just OffSec Training

Our successful training results keep our corporate and military clients returning.
That’s because we provide everything you need to succeed. This is true for all of our courses.

Strategic Planning & Project Management

From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.

IT & Cybersecurity

ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.

Leadership & Management

Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.

Strategic Planning & Project Management

IT & Cybersecurity

Leadership & Management

Jessica B

2024-05-13

Excellent professional team and the class was great. The instructor, J Chaney, really did a great job explaining the concepts and keeping the class engaging. I credit ATA with helping me pass the exam on the first try.

MDP

2024-05-10

Great classes for IT advancement with outstanding instructors. The staff are also awesome with aiding in enrollment and solving any issues.

Tony L

2024-04-22

ATA is a good way to take an IT course as the instructors are very knowledgeable and present topics in a way that is easy to understand. The staff is also great. In my experience they have responded and resolved any questions or issues I had in a timely manner. I would recommend ATA to anyone that is looking to get IT certifications as I have used them for CompTIA Net+ and Sec +.

AlAmin Smith (Swizzkillz)

2024-04-09

I've taken so many boot camps through them. They always deliver with the content and customer service. If I have questions, I get answers. If there is a class I have an interest in, they look into getting it added. I just completed another course and it well as usual. ATA is one of the best resources I have available to me to complete my goals in the cyber field.

chriscaliforniaa

2024-04-09

Big Thanks to Applied Technology Academy! Last year, I made a big decision to make a career change! Before, I didn’t have a roadmap. I did my research and found ATA. Since I want to pursue in Cybersecurity, I went to their Sec+ bootcamp last year to learn so much material and I would say that they’re the best! Great staff and military friendly! Thank you guys so much and shout out to Mr. J. Chaney! Definitely the best to ever do it! Great instructor! Now i am Sec+ certified!

Stephon Shaffer

2024-02-29

I've been working with ATA for awhile since I began going down the path of IT. I was able to attain Security+, Certified Ethical Hacker, and the CCNA cert through them. I want to give big shout out to Laura Campbell!! She has been amazing as far as making sure documentation is prepared, sending out upcoming classes way in advance, and executing things quick. She provides valuable resource and goes out of her way to get things done. I was going for the Fortinet NSE 4 cert, which is not a common curriculum provide on the itinerary, but she went and made it happen and ensured that it would be covered. I couldn't take the course due to other reasons, but the fact that she was able to make it happen truly solidified my heart with ATA. Thank you Laura and thank you ATA!! I look forward to enrolling into the CCNP course with you all very soon.

Nicole Watson

2023-05-17

This school is hands down the BEST IT school I have attended for SEC+. I have attended SEC+ twice at Fort Gordon and the information that is taught there was so outdated. I appreciate Applied Technology Academy so much! I actually enjoyed the instruction, it was not hard to follow, and the instructor, Mr. Chaney, was extremely knowledgeable. He was able to communicate to the lowest level from Beginner to advanced. Our class had 100% pass rate of who took the exam after the course was over. After the exam I was able to contact the instructor and Ms. Liz Pernaselci for more information. I was provided with the audio from the course to go over in the event I needed to brush up. We are also allowed to log in to any SEC+ Course afterwards without paying an additional fee. I really appreciate this school and will be attending more courses in the future!

Hey there Dontworryboutit

2023-01-13

I had 0 computer knowledge or background going into the Security + class. J made it understandable and easily digestible. The classes were thorough and the study material was exactly what was needed to help prepare for the test. Cannot recommend this enough for people trying to get into the security field.

Henoc Placide

2022-10-17

Security + course was very well taught and easily digested. Course material provided definitely prepared for course exam.

Training Categories

Training Сourses

1. Talk To An Expert

2. Select Your Date

3. Elevate Your Career

Recent Stories

Cloud Computing

Data Analyst

Data Scientist

Defensive Security

Machine Learning Engineer

Offensive Security

Network Admin

Florida Individual Training

Florida Team Training

Recent Stories

Popular Certification Training

Training Сourses

IT Certification Training

SoftSkills Training

Six Sigma

Project Management Training

Custom Solutions

Recent Stories

Strategic Planning and Project Management

IT and Cybersecurity

Sales and Operations

Recent Stories

IT Certification Training

SoftSkills Training

Six Sigma

Project Management Training

Featured Courses

Recent Stories

Become An Instructor

Look Inside ATA Mindset and Mission

Featured Courses

Recent Stories

Advanced Web Attacks and Exploitation Training

Advanced Web Attacks and Exploitation (WEB-300)

Training at a glance

Level

Duration

Experience

Average Salary

Labs

Level

Duration

Experience

Average Salary

Labs

Training Details

Upcoming Classes

PROUD OFFSEC PARTNERSHIP

Black Hat USA Delivery Partner

We Offer More Than Just OffSec Training

Strategic Planning & Project Management

IT & Cybersecurity

Leadership & Management

this can be your story too

Check out our Course Catalog

Engage in our world class learning experience.

Drop us your information and we will get back to you.

What we offer

Locations

Check out our
Course Catalog