The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing security certification. The OSWE challenges the students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty four (24) hour certification exam.
The OSWE exam consists of a dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.
Real World Exams
The OSWE examination is comprised of a virtual network consisting of various web applications and operating systems. The successful examinee will demonstrate their ability to fingerprint the web applications, identify any vulnerabilities found, and successfully exploit them. The candidate is required to submit a comprehensive penetration test report, containing in-depth notes and screen shots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.
Real World Benefits
An OSWE, by definition, is able to identify existing vulnerabilities in web applications using various technologies and execute organized attacks in a controlled and focused manner. An OSWE is able to do more than launch pre-written exploits but is also able to audit code successfully. The twenty-four hour examination also demonstrates that OSWE’s have a certain degree of persistence and determination. Perhaps more importantly, an OSWE has demonstrated their ability to think “outside the box” and “laterally.”
OSWE Holders Can
- Audit web application code to find vulnerabilities.
- Develop exploits for vulnerable web applications.
- Analyze, correct, modify and port exploit code.
- Implement various techniques to bypass sanitization filters.
- Demonstrate creative problem solving and lateral thinking.
In order to enroll for the OSWE certification exam, you must first complete the Advanced Web Attacks and Exploitation course.