
OffSec WEB-200 - Foundational Web Application Assessments with Kali Linux (OSWA) - Self-paced

  • Length: 90 days access
  • Inclusions: OSWA exam

Why study this course

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200).

This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners will obtain a wide variety of skill sets and competencies for web app assessments.

Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification, demonstrating their ability to leverage web exploitation techniques on modern applications.

This self-paced course includes:

  • Over 7 hours of video

  • 492-page PDF course guide

  • Active learner forums

  • Private lab environment

  • OSWA exam voucher

  • Closed Captioning is available for this course

About the OSWA exam:

  • The WEB-200 course and online lab prepare you for the OSWA certification

  • Proctored exam

Learn more about the exam.

Following this course, the recommended next course is WEB-300 Advanced Web Attacks and Exploitation (OSWE).

What you’ll learn

  • A wide variety of skill sets and competencies for Web App Assessments

  • Foundational Black Box enumeration and exploitation techniques

  • Leverage modern web exploitation techniques on modern applications

  • Enumerate web applications and four common database management systems

  • Manually discover and exploit common web application vulnerabilities

  • Go beyond alert() and actually exploit other users with cross-site scripting

  • Exploit six different templating engines, often leading to RCE

OffSec at Lumify Work

Security professionals from top organisations rely on OffSec to train and certify their personnel. Lumify Work is an Official Training Partner for OffSec.

Who is the course for?

Job roles such as:

  • Web Penetration Testers

  • Pentesters

  • Web Application Developers

  • Application Security Analysts

  • Application Security Architects

  • SOC Analysts

  • and other blue team members

Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise.

Course subjects

The course covers the following topics:

  • Tools for the Web Assessor

  • Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study

  • Cross-Site Request Forgery (CSRF)

  • Exploiting CORS Misconfigurations

  • Database Enumeration

  • SQL Injection (SQLi)

  • Directory Traversal

  • XML External Entity (XXE) Processing

  • Server-Side Template Injection (SSTI)

  • Server-Side Request Forgery (SSRF)

  • Command Injection

  • Insecure Direct Object Referencing

  • Assembling the Pieces: Web Application Assessment Breakdown

View the full syllabus here.


All prerequisites for WEB-200 can be found within the OffSec Fundamentals Program, included with a Learn Fundamentals subscription.

Prerequisite topics include:

  • WEB-100: Web Application Basics

  • WEB-100: Linux Basics 1 and 2

  • WEB-100: Networking Basics


Lumify Work offers certification and training through our partnership with OffSec. This arrangement requires Lumify Work to provide your details to OffSec for course and/or exam registration purposes.

Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.
