Learn the foundations of web application assessments with Offensive Security’s new course, Web Attacks with Kali Linux (WEB-200), designed for job roles such as Web Application Penetration Testers, Pentesters, and Web Application Developers.
WEB-200 teaches students how to discover and exploit common web vulnerabilities, and how to exfiltrate sensitive data from target web applications. Students will obtain a wide variety of skill sets and competencies for web app assessments.
Students who complete the course and pass the associated exam earn the Offensive Security Web Assessor (OSWA) certification, demonstrating their ability to leverage modern web exploitation techniques on modern applications. A certified OSWA candidate is prepared to take on the Advanced Web Attacks and Exploitation (WEB-300) course.
Topics on Server Side Request Forgery (SSRF) and Command Injection coming soon to WEB-200!
New Training Subscriptions
LEARN ONE and LEARN UNLIMITED
Enjoy flexible learning options with the new Offensive Security Training Library subscriptions – Learn One and Learn Unlimited
This course covers the following Topics. View the WEB-200 syllabus.
- Tools for the Web Assessor
- Cross Site Scripting (XSS) Introduction and Discovery
- Cross Site Scripting (XSS) Exploitation and Case Study
- Cross Origin Attacks
- Introduction to SQL
- SQL Injection (SQLi) and Case Study
- Directory Traversal
- XML External Entity (XXE) Processing
- Server Side Template Injection (SSTI)
- Server Side Request Forgery (SSRF)
- Command Injection – targeting Q1 2022
- Insecure Direct Object Referencing – targeting Q1 2022
- Putting it all together – targeting Q1 2022
- Challenge Labs release 1 – targeting Q1 2022
- Challenge Labs release 2 – targeting Q2 2022
- Challenge Labs release 3 – targeting Q2 2022
- Exam – targeting end of Q2 2022
EXPLANATION OF TERMS
Topics: All WEB-200 Topics contain text, videos, and exercises in the Offsec Training Library. Note that videos may or may not be released at the same time as the text is.
Topic Lab Machines: Lab machines that are included with each Topic relate to that Topic’s hands-on exercises and help students apply the skills they’ve learned to a specific subject matter. The scope of a Topic machine is simply that machine’s Topic. Topic Lab Machines are released together with the topic text.
Exercises: Topics include both question-and-answer type exercises, as well as hands-on exercises with Lab machines.
Challenge Labs: Challenge Labs are additional sets of machines that allow students to apply the techniques and skills they have learned in the whole course to novel scenarios. They are meant to consolidate the knowledge contained in the course material and Topic Labs. The scope of a Challenge Lab is the full course content.
WHAT COMPETENCIES WILL YOU GAIN?
- Students will obtain a wide variety of skill sets and competencies for Web App Assessments
- Students will learn foundational Black Box enumeration and exploitation techniques
- Students will leverage modern web exploitation techniques on modern applications
The new Fundamental content covered in WEB-100, included with a Learn subscription, prepares you to take WEB-200. Topics include:
- Introduction to Web Secure Coding
- Web Attacker Methodology
With more Topics added frequently!
WEB-200 (2 exam attempts) + PEN-210 (and 1 exam attempt) + 365 days lab access + WEB-100 + KLCP (and 1 exam attempt) + PG Practice
All courses + 365 days lab access + WEB-100 + KLCP + unlimited exam attempts + PG Practice
Note: One subscription is needed per student. Sharing a subscription with more than one student is a violation of OffSec's academic policy and can lead to being banned.