Offensive Security Web Expert

Home Information Security Certifications Offensive Security Web Expert

What is an OSWE?

The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing security certification. The OSWE challenges the students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty four (24) hour certification exam.

The OSWE exam consists of a remotely-hosted dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.

Offensive Security Web Expert (OSWE)

Real World Exams

The OSWE examination is comprised of a virtual network consisting of various web applications and operating systems. The successful examinee will demonstrate their ability to fingerprint the web applications, identify any vulnerabilities found, and successfully exploit them. The candidate is required to submit a comprehensive penetration test report, containing in-depth notes and screen shots detailing their findings. Points are awarded for each compromised host, based on their difficulty and level of access obtained.

Real World Benefits

An OSWE, by definition, is able to identify existing vulnerabilities in web applications using various technologies and execute organized attacks in a controlled and focused manner. An OSWE is able to do more than launch pre-written exploits but is also able to audit code successfully. The twenty-four hour examination also demonstrates that OSWE’s have a certain degree of persistence and determination. Perhaps more importantly, an OSWE has demonstrated their ability to think “outside the box” and “laterally.”

Are You Ready for the Challenge?

The only way to take the OSWE certification exam is to first complete the Advanced Web Attacks and Exploitation course.