Train to become OSWA certified
WEB-200: Web Attacks with Kali Linux
Starting at $1,749
Level
200231h of content
- Learn web application security fundamentals using Kali Linux to find and exploit XSS, CSFR, SQLi, SSRF, XXE, CORS, SSTI, and more
- Earn the OffSec Web Assessor (OSWA) certification upon passing the exam
Becoming OSWA certified
-
24-hour proctored
All exams are proctored by an OffSec employee in a private VPN
-
Hands-on labs
Identify, exploit, and report real-world vulnerabilities in live lab systems
-
5 independent targets
Each target contains local.txt and proof.txt files
-
Exploit the web application
Gain access to an authenticated administrator session and the proof.txt file form the server
OSWA certification
About the OSWA exam
The OffSec Web Assessor certification demonstrates your ability to identify and exploit vulnerabilities in web applications and stand out in the web security field
Start learning with OffSec
$2,749/year*
Best value
Learn One
Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts
$1,749/once
Most popular
Course + Cert Bundle
Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt
Train your team with OffSec
$6,099/year*
All access
Learn Unlimited
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year
Get a quote
Large teams
Learn Enterprise
Unlimited OffSec Learning Library access with flexible terms and volume discounts available
Validate your expertise.
Amplify your impact.
-
Mindset & work ethic
Instill a relentless problem-solving mindset that employers value highly in security professionals
-
Globally recognized certification
OffSec certs build elite, hands-on skills trusted by the world's top companies
-
Organization value & trust
Trusted to train skilled, consistent, and reliable security teams
-
Certified candidates win
91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)
Realistic lab environments
Built to sharpen skills through practical, immersive learning
Request a free trial -
On-demand lab access
Train anytime in up-to-date, practical, cutting-edge labs
-
Structured learning modules
Progress through clear, goal-driven topics
-
Challenge-based learning
Build skills through real-world, hands-on challenges
-
AI-powered learning assisstant
Get instant, guided help with complex topics
Success stories from the field
The challenges were far from easy, and it was evident that their intention was to evaluate not only technical skills but also the ability to think outside the box. Also, awesome experience, lots of fun!
The way it's all presented, and the fact that there are VMs you can start that let us break the problem into smaller problems... makes for a very pleasant learning experience.
Thank you OffSec for the thrilling challenges. Some of these machines really made me question my sanity. This 24-hour exam proved that web hacking can really be tricky and difficult.
NightHorn
The most perceptive can slip through any defense, unnoticed and untouchable.
Level
OSWA Certification
WEB-200
Origin
Born from the silence of the night, Vex soars through the web with keen precision. Vex’s eyes pierce through layers of code and hidden vulnerabilities, silently watching, analyzing, and striking when least expected. With the wisdom of ages, Vex uncovers the secrets others fail to see, every move calculated, leaving no trace but the success of the mission.
Strengths
Guru in web exploitation; uncovers hidden vulnerabilities and weak points that evade detection.
Traits
Tactics of choice
Silent exploitation with surgical precision, bypassing defenses without a whisper of detection.
Flexible pricing for teams of any size
Scalable options to fit your team's training needs
