By Jim O’Gorman
Our Advanced Web Attacks and Exploitation (AWAE) live training course has been one of the fastest-selling classes at various industry events for years. The Black Hat classes perennially sell out in a matter of minutes, and every year we’re snowed under by demand from security professionals wondering when we’ll offer it online. For this reason, today we’re excited to announce AWAE is now available online.
Penetration testing today is changing. Attackers today are creative and often use seemingly minor vulnerabilities in tandem with one another to devastating effect. To protect their organizations from such techniques, pentesters need to have an adversarial mindset and go beyond just identifying the obvious flaws.
We believe AWAE fills a major gap in the penetration testing training market. Like all Offensive Security courses, it is hands-on and practical, and thus significantly accelerates its students’ understanding of web attacks and exploitations. AWAE graduates leave the course with an improved ability to think like an attacker and map out exactly how an adversary could exploit a flaw.
One graduate of the AWAE live course, Jared McLaren of Secureworks’ adversarial security testing organization, sums up the value very well:
“The AWAE training provides valuable hands-on techniques that will sharpen the skills of both those aspiring to discover their first zero day and seasoned veterans looking to add new tricks to their arsenal,”
said Jared McLaren, Technical Lead, Application Security Testing, Secureworks Adversarial Security Testing.
“The training takes a deep technical dive on a number of vulnerabilities discovered in the wild based on common web languages and debugging the supporting application stacks. Whether it’s reviewing source code for implementation flaws, developing new attack tools by hand, or chaining a set of vulnerabilities to achieve remote code execution, the AWAE lays the blueprint on how web testers truly try harder.”
The course is intense – six hours of video, over 200 pages of material, and a dedicated virtual lab that helps students prepare for the arduous certification exam. However, those who eventually pass get the much sought-after OSWE certification, and are better equipped to pro-actively reduce organizations’ threat surfaces than ever before.
We’ve made a number of announcements in the past few months since we first secured our growth investment from Spectrum Equity. We did a complete re-design of Exploit Database late last year, then appointed a new CEO in January. Stay tuned to this space for further updates as we plan to make more resources and training options available for aspiring pentesters in the coming months.