The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing security certification. The OSWE challenges students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty-four (24) hour certification exam.
The OSWE exam consists of a remotely-hosted dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.
The OSWE examination comprises a virtual network consisting of various web applications and operating systems. The successful examinee will demonstrate their ability to fingerprint the web applications, identify any vulnerabilities found, and successfully exploit them. The candidate is required to submit a comprehensive penetration test report, containing in-depth notes and screenshots detailing their findings. Points are awarded for each compromised host, based on its difficulty and the level of access obtained.
An OSWE, by definition, is able to identify existing vulnerabilities in web applications using various technologies and execute organized attacks in a controlled and focused manner. An OSWE is able to do more than launch pre-written exploits and is also able to audit code successfully. The twenty-four-hour examination also demonstrates that OSWEs have a certain degree of persistence and determination. Perhaps more importantly, an OSWE has demonstrated their ability to think “outside the box” and “laterally.”