New! Advanced Web Attacks and Exploitation (AWAE)

Official OSWE Certification Course

  • NEW! online version of the industry-leading course that sells out within minutes at BlackHat every year
  • Premier, hands-on training for web application security & pentesting
  • Designed for all info security professionals and web application software developers
  • Highly recommended as a mandatory foundational course by leading cybersecurity
  • Official training course to earn the Offensive Security Web Expert (OSWE) certification

Offensive Security
Web Expert (OSWE)

Course Delivery


Accepted Payment Types
Visa, MasterCard, American
Express, PayPal

Course Overview

Advanced Web Attacks and Exploitation (AWAE) is the premier web application security and pentesting training. Through a unique combination of hands-on and classroom-based learning, AWAE condenses the time it takes for students to successfully learn about the complex tools, techniques, and approach that sophisticated cybercriminals use to create advanced exploits.

To take training outside of the classroom, each student receives access to a virtual penetration testing lab where techniques learned within the course can be practiced in a safe and legal environment. Upon successful completion of the course and certification exam, you will officially become an Offensive Security Web Expert (OSWE), which demonstrates you have mastered the art of exploiting front-facing web applications.

Who is this course for?

Advanced Web Attacks and Exploitation is not an entry-level course. It has been designed for:

  • Experienced penetration testers looking to take their web application testing skills to the next level
  • Web application developers who need to understand how their code is attacked

Course Prerequisites

Advanced Web Attacks and Exploitation has the following prerequisites:

  • Previous familiarity with web application attack vectors, theory, and practice
  • Familiarity with Linux in general, file permissions, navigation, editing, and running scripts
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Previous familiarity with web proxies, such as Burp Suite and similar tools

Only a few days into @offsectraining new #AWAE online course and already learned a TON! If your interested in learning complex web attack-chaining and advanced web app pentesting, this course is for you.

Course Overview & Syllabus

AWAE is not a fuzzing course and as such, the bulk of your time will be spent analyzing source code, decompiling Java, debugging DLLs, manipulating requests, and more, using tools like Burp Suite, dnSpy, JD-GUI, Visual Studio, and the trusty text editor. The course covers the following topics in detail; for a more complete breakdown of the course topics, please refer to the AWAE Syllabus.

  • Persistent Cross-Site Scripting
  • Session Hijacking
  • .NET Deserialization
  • Data Exfiltration
  • Bypassing File Extension Filters
  • Magic Hashes
  • PostgreSQL Extension and User Defined Functions
  • Bypassing REGEX restrictions
  • Cross-Site Request Forgery
  • Type Juggling
  • Blind SQL Injection
  • Bypassing File Upload Restrictions
  • Loose Comparisons
  • Bypassing Character Restrictions
  • PostgreSQL Large Objects
  • Debugging .NET Assemblies

What competencies will you gain?

  • Greater confidence in performing advanced web application source code auditing
  • Improved ability to analyze code, write scripts, and exploit web vulnerabilities
  • Ability to implement multi-step, chained attacks making use of multiple vulnerabilities
  • Increased comfort using creative and lateral thinking to achieve expanded view of standard vectors
  • Ability to think outside of the box in order to determine innovative ways of exploiting web vulnerabilities

Supporting Your Online Journey

6 Hours of Video Series

270+ Page Course Guide

Active Student Forums

Access to Virtual Lab Environment

Certification Process

Once you have completed the course and practiced your skills in our labs, you’re ready to take on the arduous certification exam – a real-world, hands-on penetration test that takes place in our isolated VPN exam network – and become an official Offensive Security Web Expert (OSWE).

Register for AWAE Course at least 10 days before you want to start

Step 1

Establish Connection to Virtual Lab

Progress through course materials. Practice in labs.

Schedule certification exam within 90 days of completing course

Successfully complete the 48-hour exam and earn your certification

Pricing and Payment

Course Packages Pricing (USD)
Advanced Web Attacks and Exploitation + 30 days Lab access + OSWE Exam Certification Fee USD 1400.00
Advanced Web Attacks and Exploitation + 60 days Lab access + OSWE Exam Certification Fee USD 1600.00
Advanced Web Attacks and Exploitation + 90 days Lab access + OSWE Exam Certification Fee USD 1800.00
OSWE Certification Exam Retake Fee USD 200.00

Accepted forms of payment (More options available during checkout)


You can also purchase additional lab access at anytime during your course.

Lab Extension (# of Days) Cost (USD)
AWAE Lab access – extension of 90 days USD 900.00
AWAE Lab access – extension of 60 days USD 700.00
AWAE Lab access – extension of 30 days USD 500.00
AWAE Lab access – extension of 15 days USD 300.00

AWAE and OSWE Most Frequently Asked Questions

What are the prerequisites for Advanced Web Attacks and Exploitation?

AWAE students should already have a moderate understanding of the underlying protocols and technologies involved in testing web applications such as the HTTP protocol, SSL communications, and the usage of various browser plugins and proxies. A basic familiarity with web based scripting languages such as PHP, Ruby, Java, JavaScript, .NET. C# is strongly recommended. Familiarity with Python would be considered a plus, as would basic Bash and Powershell scripting.

How can I purchase a lab extension?

You can purchase a lab extension using your personal purchase link whenever you wish. You will be able to schedule your challenge within 90 days from your lab extension ending date. Please use your unique purchase link in order to make your desired purchase. You will receive your lab account details within a few hours after your payment has been submitted.

Can I receive my course materials early?

It is not possible to receive the course materials prior to your course start date as our courses have been designed to be worked through in the labs as you progress through the materials.

How can I contact you for live technical support during the course?

You can find help and information about our courses, as well as contact our admins through live chat, on our support website available at:

How long is the OSWE exam?

You will have exactly 47 hours and 45 minutes to compromise several vulnerable targets during the exam.

Please see our full Offensive Security FAQ’s page, for more details.

Live AWAE Courses

Advanced Web Attacks and Exploitation Location Enroll Now
Black Hat USA – Aug 3-8 2019 Las Vegas Live Classes: SOLD OUT

The Only Performance-Based Penetration Testing Training in the Industry

Why settle for less? Join this information security training course and boost your career with real web application penetration testing skills.

Advanced Web Attacks and Exploitation Syllabus

To get a more in-depth indication of the course content and objectives of this Advanced Penetration Testing Training, please review the Course Syllabus.

40 (ISC)² CPE Credits

This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the course or pass the certification challenge.

Advanced Web Attacks and Exploitation Training, From the Creators of Kali Linux!

The OSWE – A Real World Penetration Testing Certification

Learn how to discover and exploit web application vulnerabilities with Advanced Web Attacks and Exploitation. This pentest training course will teach you advanced attack vectors and lead toward marking you as an Offensive Security Web Expert (OSWE), with proven hands-on experience in the field.

X Close


Certified Pentesting

course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting

course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE


Certified Pentesting
Web Expert

course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation

course starting at
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE