WEB-200: Foundational Web Application Assessments with Kali Linux
Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners who complete the course will obtain a wide variety of skill sets and competencies for web app assessments.
Learners will learn how to:
- Enumerate web applications and four common database management systems
- Manually discover and exploit common web application vulnerabilities
- Go beyond alert() and actually exploit other users with cross-site scripting
- Exploit six different templating engines, often leading to RCE
- The OSWA exam is a proctored exam
- The WEB-200 course and online lab prepare you for the OSWA certification
- Job roles like: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members
- Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise
- All prerequisites for WEB-200 can be found within the OffSec Fundamentals Program, included with a Learn subscription
- Prerequisite Topics include:
- WEB-100: Web Application Basics
- WEB-100: Linux Basics 1 & 2
- WEB-100: Networking Basics
How to Enroll
Course & Cert
Fast-track your learning journey and earn a certificate in just 90 days. Includes one exam attempt.
One year of lab access to one OffSec course plus two exam attempts.
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. Only available in the US, except IL.
Once started, 90 day lab access cannot be paused
This course covers the following topics:
- Tools for the Web Assessor
- Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
- Cross-Site Request Forgery (CSRF)
- Exploiting CORS Misconfigurations
- Database Enumeration
- SQL Injection (SQLi)
- Directory Traversal
- XML External Entity (XXE) Processing
- Server-Side Template Injection (SSTI)
- Server-Side Request Forgery (SSRF)
- Command Injection
- Insecure Direct Object Referencing
- Assembling the Pieces: Web Application Assessment Breakdown
- Learners will obtain a wide variety of skill sets and competencies for Web App Assessments
- Learners will learn foundational Black Box enumeration and exploitation techniques
- Learners will leverage modern web exploitation techniques on modern applications
- Over 7 hours of video
- 492-page PDF course guide
- Active learner forums
- Private lab environment
- Closed Captioning is available for this course
If a learner needs more lab access time or needs to retake an exam, Exam Retakes & Lab Extensions can be purchased additionally through the OffSec Training Library.
- OSWA Certification Exam Retake Fee: $249
- WEB-200 lab access extension of 30 days: $359