Advanced Web Attacks and Exploitation Updated!

AWAE: Updated with More Content for 2020


Offensive Security is giving you more, MUCH more, for the same price with the Advanced Web Attacks and Exploitation (AWAE) 2020 course update. We’ve added 50% more content with new modules, custom private machines, and practice labs to give you an even deeper understanding of web application security practices. Who doesn’t love getting more for the same price?

More details of what’s included in the update can be found below.


We wanted to give those who haven’t taken the Offensive Security Web Expert (OSWE) certification exam even more ways to practice and sharpen their skills. For alumni who already hold an OSWE certification, this is a great opportunity to refresh your knowledge, learn some new topics, and continue your education and professional development.


AWAE is great for experienced network penetration testers and web application developers who are ready to move up to the next level.

We recommend that AWAE students come to the course with a moderate understanding of the underlying protocols and technologies involved in testing web applications. It’s also helpful to have some familiarity with languages like PHP, JavaScript, and C#.

So what exactly did we add? Read on to find out


  • Modules: We’ve added 3 new modules with over 150 pages of new content, covering vulnerabilities like:
    • XML external entity injection
    • Weak random token generation
    • DOM XSS
    • Server side template injection
    • Command injection via websockets
  • Private lab machines: There are three new private lab machines with custom web applications to help you prepare.
    • Each machine is custom built and contains multiple vulnerabilities
  • Upgraded User Experience:
    • New Kali debugger VM
    • Updated student control panel UI


At this time, the OSWE exam, proctoring, and certification procedures will remain the same. The AWAE update provides more material and machines for preparation. Both versions of the AWAE course prepare you for the exam.


For $99 USD, alumni can access the new materials and new machines, with 30 days of lab time. There is no requirement from OffSec to update your certification – once an OSWE, always an OSWE.

However, we encourage OSWE alumni to upgrade to the new version if they would like to refresh their knowledge of the new content and practice opportunities.

Rather than starting a new registration, please remember to use the purchase link you received via email after your last OffSec purchase. If you were certified in a different course more than three years ago, please contact us to update your information and receive a new purchase link. If you were registered in a different course, be sure to always include your OSID when contacting OffSec.



Active students will receive the new course material for free. They’ll also receive 30 days of bonus lab time and access to the new machines. Both versions of the AWAE course prepare you for the exam. The change in course material will not make the exam any harder, so you will have just as much of a chance to pass as you did before the update.

Please visit our FAQ page for more details.

Vouchers: Students who redeem a voucher after the update is live will receive access to the updated AWAE course material and the new lab environment.



If you have questions about information security training for your team or organization, the OffSec Flex program offers additional benefits, including bonus Flex Funds (so your budget goes further!) as well as training on your own schedule.

Download the Web Application Security Guide!

Free Download: Web Application Security guide