Become a Partner
Add OffSec to your list of training providers
Partner with usBlog
Mar 12, 2020
Find out where to start with OffSec’s information security training courses. We outline our learning paths to certification and career development.
7 min read
[vc_row][vc_column][vc_column_text]
Offensive Security offers information security courses to develop our students along three paths: penetration testing, web application security, and wireless security.
While our courses are best-known among established or aspiring penetration testers, those in IT careers can also benefit from information security training. System, network, and database administrators, IT analysts, web app developers, and others in IT and web development should also consider how they can secure their systems, networks, and apps.
Which training path should you consider at OffSec?
Learn more about starting each path in the following sections.
Jump to section: Penetration Testing | Web Application Security | Wireless Security
Understanding how systems and networks can be attacked – and how an attacker thinks – gives you the edge in better security. If you learn how to attack a system, you can spot new ways to defend it – which is why OffSec believes that a solid understanding of offensive techniques improves your ability to counter them defensively.
A penetration tester focuses on identifying vulnerabilities within a system, network, or application. They conduct assessments to identify issues or weaknesses in a client’s environment that an attacker may abuse.
The foundational knowledge required to become a pentester is often developed in software development, network and system administration, and other IT roles.
A solid understanding of Linux and Windows operating systems forms the basis of a penetration tester’s skill set. Knowledge of scripting languages such as Python, Ruby, and Bash also helps.
Finally, good communication skills are critical. Being able to draft findings into a report and to help other areas of the business understand the impact beyond the IT department is key.
Penetration Testing with Kali Linux (PWK) is the foundational penetration testing course at Offensive Security. It introduces tools and techniques while instilling the Try Harder mindset.
In PWK, some of the things you’ll learn include:
This course was massively overhauled for 2020; we more than doubled the course materials, refreshed the existing lab machines, and added 33% more new machines. You can review the full course syllabus here.
Completing the course and passing the exam confers the Offensive Security Certified Professional (OSCP) certification, which will be especially valuable if you seek to transition from IT to a more security-focused role.
Web app security training at OffSec focuses on taking a deep dive into source code review. While still focusing on penetration testing, a web app security specialist offers greater value if they can read, understand, and exploit code, not just scan it.
Web application security assessments are most effective when you have access to the source code – the white box approach. Reviewing code for logical vulnerabilities can reveal a function that can be exploited externally or on the backend, one that may not have been uncovered in a simple scan.
The strongest web application security specialists will have a deep understanding of the entire software development lifecycle from both a front-end and a back-end perspective. A solid understanding of HTML, JavaScript, Java, Python, and .NET is the foundation of this path.
To grow your skill set, get familiar with Linux and Windows operating systems, including file permissions, navigation, editing, and running scripts. Next, become familiar with standard attack vectors, theory, and practice. Finally, you’ll want to get some experience with web proxies like Burp Suite. A course like PWK can help with this.
We teach white box web app pentesting in Advanced Web Attacks and Exploitation. In AWAE, you’ll learn how to:
Students following this learning path can take an exam to earn their Offensive Security Web Expert (OSWE) certification. Earning your OSWE will demonstrate to employers that not only are you a capable penetration tester, but also that you possess specialized knowledge of web application security.
For web developers – particularly those building apps for sensitive industries like healthcare, finance, and government – it signals your dedication to security by design, not just privacy by design.
Wireless networks and devices represent additional security challenges. Insufficiently secured wireless networks can represent opportunities for attackers to access confidential information, deliver malware, execute man-in-the-middle attacks, and more. Learning how these and other vulnerabilities can be exploited enables you to better defend against them.
To progress on the wireless security path, you’ll need familiarity with Linux and a solid understanding of TCP/IP and the OSI model. Previous experience in network administration will provide a firm starting point to transition to wireless security.
Our Wireless Attacks (WiFu) course offers greater insight into wireless security and increases our students’ awareness of the need for real-world security solutions. In WiFu, you’ll learn how to audit, compromise, and secure wireless devices and networks.
Competencies gained include:
To take the course, the student will need their own wireless card and access point. Hardware recommendations can be found under the course description. Students will practice concepts learned in the course in a home lab.
For those students seeking to prove their wireless security skills, OffSec also offers the Offensive Security Wireless Professional (OSWP) certification.
Before engaging in any information security training or penetration testing course, step back and consider your learning goals.
At OffSec, we stress the importance of learning, rather than simply gathering certifications. While a certification serves as formalized proof of your skills and can open doors, what’s more important is that you’ve understood and can use the course content.
We recommend starting your learning journey with OffSec by taking PWK, regardless of which path you choose. As the foundational penetration testing course, PWK teaches the tools, techniques, and mindset necessary to succeed as a top information security professional.
While AWAE is an advanced course, penetration testers and web developers with extensive experience may be able to start here. You should be solid in all of the areas listed under the “Required Skills” in the Web Application Security Training section before starting AWAE.
Likewise, you may be able to attempt WiFu without taking PWK if you have solid experience with networking and wireless devices.
If you’re trying to decide how to select information security training for your business or organization, download our free guide as a starting point. We also have a dedicated team of experts available to answer questions.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_raw_html]JTNDJTIxLS1IdWJTcG90JTIwQ2FsbC10by1BY3Rpb24lMjBDb2RlJTIwLS0lM0UlM0NzcGFuJTIwY2xhc3MlM0QlMjJocy1jdGEtd3JhcHBlciUyMiUyMGlkJTNEJTIyaHMtY3RhLXdyYXBwZXItZTE4NTkyZjctMGQ0Ni00ZTlmLTlkNTAtZGU1NTYwNWRlYzNjJTIyJTNFJTNDc3BhbiUyMGNsYXNzJTNEJTIyaHMtY3RhLW5vZGUlMjBocy1jdGEtZTE4NTkyZjctMGQ0Ni00ZTlmLTlkNTAtZGU1NTYwNWRlYzNjJTIyJTIwaWQlM0QlMjJocy1jdGEtZTE4NTkyZjctMGQ0Ni00ZTlmLTlkNTAtZGU1NTYwNWRlYzNjJTIyJTNFJTNDJTIxLS0lNUJpZiUyMGx0ZSUyMElFJTIwOCU1RCUzRSUzQ2RpdiUyMGlkJTNEJTIyaHMtY3RhLWllLWVsZW1lbnQlMjIlM0UlM0MlMkZkaXYlM0UlM0MlMjElNUJlbmRpZiU1RC0tJTNFJTNDYSUyMGhyZWYlM0QlMjJodHRwcyUzQSUyRiUyRmN0YS1yZWRpcmVjdC5odWJzcG90LmNvbSUyRmN0YSUyRnJlZGlyZWN0JTJGNTg1MjQ1MyUyRmUxODU5MmY3LTBkNDYtNGU5Zi05ZDUwLWRlNTU2MDVkZWMzYyUyMiUyMCUyMHRhcmdldCUzRCUyMl9ibGFuayUyMiUyMCUzRSUzQ2ltZyUyMGNsYXNzJTNEJTIyaHMtY3RhLWltZyUyMiUyMGlkJTNEJTIyaHMtY3RhLWltZy1lMTg1OTJmNy0wZDQ2LTRlOWYtOWQ1MC1kZTU1NjA1ZGVjM2MlMjIlMjBzdHlsZSUzRCUyMmJvcmRlci13aWR0aCUzQTBweCUzQiUyMiUyMGhlaWdodCUzRCUyMjYyOCUyMiUyMHdpZHRoJTNEJTIyMTI4MCUyMiUyMHNyYyUzRCUyMmh0dHBzJTNBJTJGJTJGbm8tY2FjaGUuaHVic3BvdC5jb20lMkZjdGElMkZkZWZhdWx0JTJGNTg1MjQ1MyUyRmUxODU5MmY3LTBkNDYtNGU5Zi05ZDUwLWRlNTU2MDVkZWMzYy5wbmclMjIlMjAlMjBhbHQlM0QlMjJEb3dubG9hZCUyME5vdyUzQSUyMFNlbGVjdGluZyUyMHRoZSUyMEJlc3QlMjBJbmZvcm1hdGlvbiUyMFNlY3VyaXR5JTIwVHJhaW5pbmclMjBmb3IlMjBZb3VyJTIwT3JnYW5pemF0aW9uJTIyJTJGJTNFJTNDJTJGYSUzRSUzQyUyRnNwYW4lM0UlM0NzY3JpcHQlMjBjaGFyc2V0JTNEJTIydXRmLTglMjIlMjBzcmMlM0QlMjJodHRwcyUzQSUyRiUyRmpzLmhzY3RhLm5ldCUyRmN0YSUyRmN1cnJlbnQuanMlMjIlM0UlM0MlMkZzY3JpcHQlM0UlM0NzY3JpcHQlMjB0eXBlJTNEJTIydGV4dCUyRmphdmFzY3JpcHQlMjIlM0UlMjBoYnNwdC5jdGEubG9hZCUyODU4NTI0NTMlMkMlMjAlMjdlMTg1OTJmNy0wZDQ2LTRlOWYtOWQ1MC1kZTU1NjA1ZGVjM2MlMjclMkMlMjAlN0IlN0QlMjklM0IlMjAlM0MlMkZzY3JpcHQlM0UlM0MlMkZzcGFuJTNFJTNDJTIxLS0lMjBlbmQlMjBIdWJTcG90JTIwQ2FsbC10by1BY3Rpb24lMjBDb2RlJTIwLS0lM0UlMEElM0NiciUyMCUyRiUzRSUwQUZyZWUlMjBkb3dubG9hZCUzQSUyMCUzQ2ElMjBocmVmJTNEJTIyaHR0cHMlM0ElMkYlMkZjdGEtcmVkaXJlY3QuaHVic3BvdC5jb20lMkZjdGElMkZyZWRpcmVjdCUyRjU4NTI0NTMlMkZlMTg1OTJmNy0wZDQ2LTRlOWYtOWQ1MC1kZTU1NjA1ZGVjM2MlMjIlMjAlMjB0YXJnZXQlM0QlMjJfYmxhbmslMjIlMjAlM0VTZWxlY3RpbmclMjB0aGUlMjBCZXN0JTIwSW5mb3JtYXRpb24lMjBTZWN1cml0eSUyMFRyYWluaW5nJTIwZm9yJTIwWW91ciUyME9yZ2FuaXphdGlvbiUzQyUyRmElM0U=[/vc_raw_html][/vc_column][/vc_row]
Enterprise Security
The Fortinet 2024 Skills Gap report shines a light on critical issues that plague the cybersecurity industry. Here are our main takeaways.
Sep 6, 2024
6 min read
Insights
The OffSec team was at the Black Hat USA 2024 conference and we are excited to share our top 5 favorite talks.
Sep 6, 2024
5 min read
We’re sharing all of the important information related to the OSCP+ so you can know what this means for past, current and future learners.
Sep 4, 2024
2 min read