WEB-200 - Foundational Web Application Assessments with Kali Linux (OSWA) - Self-paced

Length 90 days access
Price NZD 2730 exc GST
Inclusions OSWA exam

Course overview

Book now

Why study this course

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200).

This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners will obtain a wide variety of skill sets and competencies for web app assessments.

Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification, demonstrating their ability to leverage web exploitation techniques on modern applications.

This self-paced course includes:

Over 7 hours of video
492-page PDF course guide
Active learner forums
Private lab environment
OSWA exam voucher
Closed Captioning is available for this course

About the OSWA exam:

The WEB-200 course and online lab prepares you for the OSWA certification
Proctored exam

Learn more about the exam.

Following this course, the recommended next course is WEB-300 Advanced Web Attacks and Exploitation (OSWE).

Request Course Information

What you’ll learn

A wide variety of skill sets and competencies for Web App Assessments
Foundational Black Box enumeration and exploitation techniques
Leverage modern web exploitation techniques on modern applications
Enumerate web applications and four common database management systems
Manually discover and exploit common web application vulnerabilities
Go beyond alert() and actually exploit other users with cross-site scripting
Exploit six different templating engines, often leading to RCE

OffSec at Lumify Work

Security professionals from top organisations rely on OffSec to train and certify their personnel. Lumify Work is an Official Training Partner for OffSec.

View all OffSec courses

Who is the course for?

Job roles such as:

Web Penetration Testers
Pentesters
Web Application Developers
Application Security Analysts
Application Security Architects
SOC Analysts
and other blue team members

Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise.

Course subjects

The course covers the following topics:

Tools for the Web Assessor
Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
Cross-Site Request Forgery (CSRF)
Exploiting CORS Misconfigurations
Database Enumeration
SQL Injection (SQLi)
Directory Traversal
XML External Entity (XXE) Processing
Server-Side Template Injection (SSTI)
Server-Side Request Forgery (SSRF)
Command Injection
Insecure Direct Object Referencing
Assembling the Pieces: Web Application Assessment Breakdown

View the full syllabus here.

Prerequisites

All prerequisites for WEB-200 can be found within the OffSec Fundamentals Program, included with a Learn Fundamentals subscription.

Prerequisite topics include:

WEB-100: Web Application Basics
WEB-100: Linux Basics 1 and 2
WEB-100: Networking Basics

THIRD PARTY REGISTRATION

Lumify Work offers certification and training through our partnership with OffSec. This arrangement requires Lumify Work to provide your details to OffSec for course and/or exam registration purposes.

Downloads

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.