Get your OSWA Certification with WEB-200 | OffSec

Train to become OSWA certified

WEB-200: Web Attacks with Kali Linux

Starting at $1,749

Level

200
|

224h of content

  • Learn web application security fundamentals using Kali Linux to find and exploit XSS, CSFR, SQLi, SSRF, XXE, CORS, SSTI, and more
  • Earn the OffSec Web Assessor (OSWA) certification upon passing the exam

Becoming OSWA certified

  • 24-hour proctored

    All exams are proctored by an OffSec employee in a private VPN

  • Hands-on labs

    Identify, exploit, and report real-world vulnerabilities in live lab systems

  • 5 independent targets

    Each target contains local.txt and proof.txt files

  • Exploit the web application

    Gain access to an authenticated administrator session and the proof.txt file form the server

OSWA certification

About the OSWA exam

The OffSec Web Assessor certification demonstrates your ability to identify and exploit vulnerabilities in web applications and stand out in the web security field

Start learning with OffSec

$2,749/year*

Best value

Learn One

Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts

$1,749/once

Most popular

Course + Cert Bundle

Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt

Train your team with OffSec

$6,099/year*

All access

Learn Unlimited

Unlimited OffSec Learning Library access plus unlimited exam attempts for one year

Get a quote

Large teams

Learn Enterprise

Unlimited OffSec Learning Library access with flexible terms and volume discounts available

Validate your expertise.
Amplify your impact.

  • Mindset & work ethic

    Instill a relentless problem-solving mindset that employers value highly in security professionals

  • Globally recognized certification

    OffSec certs build elite, hands-on skills trusted by the world's top companies

  • Organization value & trust

    Trusted to train skilled, consistent, and reliable security teams

  • Certified candidates win

    91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)

View of the PEN-200 syllabus in the OffSec portal

Realistic lab environments

Built to sharpen skills through practical, immersive learning

Request a free trial
View of the PEN-200 syllabus in the OffSec portal
  • On-demand lab access

    Train anytime in up-to-date, practical, cutting-edge labs

  • Structured learning modules

    Progress through clear, goal-driven topics

  • Challenge-based learning

    Build skills through real-world, hands-on challenges

  • AI-powered learning assisstant

    Get instant, guided help with complex topics

Success stories from the field

The challenges were far from easy, and it was evident that their intention was to evaluate not only technical skills but also the ability to think outside the box. Also, awesome experience, lots of fun!
AO
Andy Olchawa Offensive Security Professional
The way it's all presented, and the fact that there are VMs you can start that let us break the problem into smaller problems... makes for a very pleasant learning experience.
DM
Discord Community Member
Thank you OffSec for the thrilling challenges. Some of these machines really made me question my sanity. This 24-hour exam proved that web hacking can really be tricky and difficult.
Anaïs Dehandschutter Penetration Tester