Hands-on Web Security CourseOfficial OSWE Certification Course
Advanced Web Attacks and Exploitation
Advanced Web Attacks and Exploitation (AWAE) is an especially demanding course, requiring a great deal of time and attention from the student.
For this reason, we recommend a clear schedule to focus on the material to get the most from the course-ware.
At this time, AWAE is only offered as a live course. We publish the available classes on this site as well as our twitter feed, so be sure to keep your eyes open. When booking a class, be sure to keep your evenings free. You will want to spend that time working case studies and reviewing the provided reading material as this is one of the more intense and challenging courses that Offensive Security Offers.
Can’t make it to a scheduled training or need to have a large group trained from your organization? Offensive Security In-House Training can bring our Advanced Web Attacks and Exploitation course to you.
Computer Lab Requirements
You want to bring a serious laptop along – one able to run 3 VMs with ease. Please do not bring netbooks or other low screen resolution systems.
- 64bit Host operating system
- A minimum 8 GB RAM installed
- VMware Workstation / Fusion installed
- At least 60 GB HD free
- Wired Network Support
- USB 2.0 support or better
The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing certification. The OSWE challenges the students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty-four-hour certification exam.
The OSWE exam consists of a remotely-hosted dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.
Web services depend on the experts who help keep them running. You could become one of them.
As an AWAE Certified Professional, you will harness the Information Security Skills needed to successfully penetrate web services, web applications and the security of the web.
Real-World Web Applications
All of the case studies in Advanced Web Attacks and Exploitation are large web applications that are widely deployed in enterprise networks.
The systems studied include internet security gateways, web-mail applications, system management software, and more.
Almost ALL websites have serious security vulnerabilities, study shows – information-age.com
Topics covered in Advanced Web Attacks and Exploitation
- Advanced XSS attacks and exotic payloads
- Leveraging CSRF attacks to achieve remote code execution
- Advanced SQL injection attacks
- Compound attacks making use of multiple vulnerabilities
- Bypassing character restrictions in payloads
- Remote command execution attacks
- Advanced file inclusion attacks
- Real world attacks on widely deployed network infrastructure applications
40 (ISC)² CPE Credits
This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the course or pass the certification challenge.
Each module is supported by a real-world lab simulation that provides students with hands on exercises – allowing students to gain actual experience in encountering and overcoming the difficulties that surface in real-life penetration tests. Far from canned examples, students are placed in situations in which they have to solve real problems.
Scheduled AWAE Courses
|Item||Price in USD|
|Black Hat USA 2018 – Las Vegas, NV – Aug 4-9||SOLD OUT|
Due to a fully booked schedule, Offensive Security is not booking new public or private AWAE courses at this time.
The Only Performance Based Penetration Testing Training in the Industry
Don’t settle for less. Join the leading penetration testing course and boost your infosec career with real Penetration Testing skills.