Web App Fundamentals

Understanding the Fundamentals of Web Application Security

Offensive Security

Web application security can be a rewarding career path. However, the web application security space, and cybersecurity industry as a whole, lives in a constant state of change. An unrelenting curiosity and passion for lifelong learning is mandatory for anyone seeking to specialize in this niche. Here are some fundamentals to help you pursue these skills.

Read More
Cybersecurity Awareness Month 2019

Cybersecurity Awareness Month 2019

Offensive Security

October is National Cybersecurity Awareness Month. It’s an effort to raise awareness about cybersecurity among those who aren’t typically aware or concerned. For those of us in the infosec industry, it’s a good reminder that we’re in a position to mentor those around us in having safer online lives.

In support of Cybersecurity Awareness Month 2019, we’ve gathered some basic resources you can share with friends and family outside infosec.

Read More

Meet Csaba Fitzl, Student Graduate of Every Offensive Security Course

Offensive Security

Only a handful of students in Offensive Security history have ever completed all of our available courses. Considering the wide range of module topics and the high difficulty level that comes with each course, it’s a monumental accomplishment.

Meet Csaba Fitzl, a seasoned penetration tester and graduate of all five Offensive Security courses.

Meet Csaba Fitzl, a seasoned penetration tester and graduate of all five Offensive Security courses.

Read More
analyzing-a-creative-attack-chain

Analyzing a Creative Attack Chain Used to Compromise a Web Application

Offensive Security

What if someone was able to access and steal your company’s intellectual property or customer data? These are the types of concerns Chief Information Security Officers lose sleep over. Despite conducting frequent and independent security audits, even the most security focused organizations can remain susceptible to the latest vulnerabilities and attacks.

Today, most organizations handle sensitive personal and business data in web based applications, and as a result, allocating resources towards vulnerability mitigation isn’t a choice anymore, it’s a must.

In this piece, we’ll analyze a creative scenario where a malicious actor can use an attack chain to exploit a web application via Simple Network Management Protocol (SNMP) > Cross-site scripting (XSS) > Remote Code Execution (RCE).

Read More
5-best-practices-web-app-security

5 Best Practices for Web Application Security

Offensive Security

When it comes to web application security, there are many measures you can implement to reduce the chances of an intruder stealing sensitive data, injecting malware into a webpage, or public defacement. As more and more organizations transition their business operations to web applications, security in the development process can no longer be an afterthought. Whether it’s a code injection, privilege escalation, DDoS attack, or a vulnerable element, bad actors are constantly looking for creative ways to manipulate exploits for personal gain.

We’ve rounded up our top five (5) best practices to help you fortify your application security.

Read More
Black Hat USA 2019 Recap

BlackHat 2019 Recap

Offensive Security

BlackHat has always been one of our favorite industry conferences. Although OffSec has been providing educational workshops for years at BlackHat, this was our first year holding an official booth. The booth was a major hit, as we had the opportunity to chat with long-time Offensive Security alumni and also meet some new faces…

Did you attend one our BlackHat workshops or stop by the OffSec booth? If so, we’d love to hear about your experience and any feedback you might have — tag us on Twitter @OffSecTraining!

Read More
Tony Punturiero, aka tjnull

Sitting down with OffSec’s new community manager, Tony Punturiero

Offensive Security

Our team is super excited to welcome Tony Punturiero, founding member and moderator of NetSecFocus, as Offensive Security’s new community manager. Some of you may know Tony already, as he’s been a knowledgeable InfoSec community member long before he officially joined us.

As community manager, Tony will ensure that OffSec does an even better job of communicating with our customers, listening to feedback, and advocating internally as the voice of our customers.

Read More
oscp-oswp-osce-review

OSCP/OSCE/OSWP Review

Offensive Security

It’s no secret that Offensive Security offers some of the best technical training in the information security field. Their brand has become synonymous with penetration testing in the eyes of most tech recruiters on LinkedIn.

Some of the most common questions I get on LinkedIn are related to the OSCP/OSCE/OSWP certifications. Some people even go as far as asking for solutions to their exam machines. Sorry, you won’t be finding anything like that here (TRY HARDER). I will however offer an honest review and offer some tips to help you decide if you are ready to take the plunge into any of these 3 awesome courses!

This article originally appeared on Jul 20, 2019, posted by Joey Lane and has been republished unedited and in its entirety with permission from the author. Original post: https://blog.own.sh/oscp-osce-oswp-review/

Read More
Kali netHunter Android App Store

Kali NetHunter App Store – Public Beta

Kali NetHunter

Kali NetHunter has been undergoing a ton of changes as of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), its amazing the extra capabilities that have been introduced.

But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!

Read More
Visit offsec at BlackHat 2019

Come see OffSec at BlackHat in Vegas

Offensive Security

For those planning on attending Black Hat in Las Vegas on August 3-8, come stop by our booth (#2604) in the Business Hall — which will be available August 7-8. Members from many different teams of OffSec will be there and would love to meet you! Rumors are swirling that we’ll also be handing out special Challenge Coins to visitors that Try Harder… so make sure to stop by.

Read More

AWAE Now Available Anywhere, Anytime

Offensive Security

Our Advanced Web Attacks and Exploitation (AWAE) live training course has been one of the fastest-selling classes at various industry events for years. The Black Hat classes perennially sell out in a matter of minutes, and every year we’re snowed under by demand from security professionals wondering when we’ll offer it online. For this reason, today we’re excited to announce AWAE is now available online…

Read More
OSCP Cheating

Cheating Attempts and the OSCP

Offensive Security

Last week, an individual started to release solutions to certain challenges in the OSCP certification exam. This led to some discussion on Twitter and made it clear to us that there is a fair amount of misunderstanding about what’s on the exam, how we catch cheaters, how many people attempt to cheat, and what happens when they are discovered. In this post, we would like to shine some light on our certification process.

Read More
Ning Wang

Offensive Security Appoints Ning Wang as CEO to Lead Organization’s Next Stage of Growth

Offensive Security

Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what they were supposed to do. The unfortunate reality is that cyberattacks are now a matter of ‘when’ and not ‘if’ for the average enterprise. Yet the landscape is changing and protecting your environment is actually getting more challenging not less.

Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today’s enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.

This being the case, I couldn’t be happier to join Offensive Security as the company’s next CEO.

Read More
AWAE now Online!

NOW AVAILABLE ONLINEAdvanced Web Attacks and Exploitation (AWAE)

You can now take OffSec's most popular in-person training as an online course.

Learn More
LinkedIn
Vimeo
GitHub
RSS

Follow us on Twitter

Follow Offensive Security Follow Kali Linux Follow Exploit Database

Jump Start your InfoSec Career Today!

PWK For those who need to acquaint themselves with the world of offensive information security.
CTP In-depth examination of the vectors used by today’s attackers to breach infrastructure security.
AWE Offensive Security’s most demanding and challenging Windows exploitation course.
AWAE Take a deep dive deep into the realm of advanced web application penetration testing.
Wi-Fu Learn to conduct effective attacks against wireless networks of varying configurations.
Certified Pen Tester

Archives



Menu
X Close

 

Certified Pentesting
Professional

OSCP
course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

View Course
  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting
Expert

OSCE
course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

View Course
  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting
Web Expert

OSWE
course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

View Course
  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

OSWP
course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

View Course
  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation
Expert

OSEE
course starting at
See
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

View Course
  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE