About Offensive Security Web Expert – OSWE

Offensive Security Web Expert (OSWE) have a clear and practical understanding of white box web application assessment and security. They’ve proven their ability to review advanced source code in web apps, identify vulnerabilities, and exploit them. They use creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities OSWEs are able to assist web development teams in creating and maintaining web apps that are secure by design.

The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing security certification. The OSWE challenges the students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty four (24) hour certification exam.The OSWE exam consists of a remotely-hosted dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.

Students will learn how to:

  • Perform a deep analysis on decompiled web app source code.
  • Identify logical vulnerabilities that many enterprise scanners are unable to detect.
  • Combine logical vulnerabilities to create a proof of concept on a web app.
  • Exploit vulnerabilities by chaining them into complex attacks.

  • Experienced penetration testers who want to better understand white box web app pentesting

  • Web application security specialists
  • Web professionals working with the codebase and security infrastructure of a web application

OSWE Exam:

  • Test Duration: 48 Hours
  • Test Format: Practical Challenges
  • Test Format: Proctored
  • Passing score: 85%
  • Open Book: Just Like In The Real World!
  • Web Security Officers
  • Web Security Manager
  • Cyber Security officers
  • Security Analyst III
  • Cyber Security Analyst, Senior
  • Cyber Security Analyst, Principal
  • Vulnerability Analyst, Principal
  • Security Analyst II
  • Security Analyst I
  • Network Administrator
  • Staff Network Engineer
  • Information Systems Security Manager
  • Mid Level Penetration Tester
  • Staff Network Engineer
  • Sr. Digital Forensics Analyst
  • Penetration Tester
  • Linux System Administrator
  • Cybersecurity Engineer II Red Team

Training Duration

Total Class – 20 (4 hours in a Week)

Total-Duration: 80-Hours (20 Weeks)

  1. Cross-Origin Resource Sharing (CORS) with CSRF and RCE
  2. JavaScript Prototype Pollution
  3. Advanced Server Side Request Forgery
  4. Web security tools and methodologies
  5. Source code analysis
  6. Persistent cross-site scripting
  7. Session hijacking
  8. .NET deserialization
  9. Remote code execution
  10. Blind SQL injections
  11. Data exfiltration
  12. Bypassing file upload restrictions and file extension filters
  13. PHP type juggling with loose comparisons
  14. PostgreSQL Extension and User Defined Functions
  15. Bypassing REGEX restrictions
  16. Magic hashes
  17. Bypassing character restrictions
  18. UDF reverse shells
  19. PostgreSQL large objects
  20. DOM-based cross site scripting (black box)
  21. Server side template injection
  22. Weak random token generation
  23. XML external entity injection
  24. RCE via database functions
  25. OS command injection via WebSockets (black box)
  • OSWE – Exam Preparation
  • Introduction of CTF and Bug Bounty
  • TryHackme – CTF
  • Hackthebox – CTF
  • HackerOne – Bug Bounty Event
  • Live CTF Challenge Solve
    • Online Marketplace Overview
    • Offline Marketplace Overview
    • Remote Job Overview
    • About Upwork
    • About Fiverr
    • About PeoplePerHour
    • About Linkedin Job
    • Fiverr Profile Setup + Skill Selection + Title + Overview + Own Video
    • Fiverr – Gig Creation Tricks
    • Buyer Request Sending (Bidding Process)
    • Order Delivery Process & Revision Process
    • Fiverr Levels Benefits & Eligibility
    • Payment Method Adding
    • Upwork Profile Setup + Skill Selection + Title + Overview + Own Video
    • Upwork Test Attending Tricks
    • Top-Rated & Rising Talent Eligibility and Benefits
    • Time Tracking For Hourly job
    • Milestone Process For Fixed Job
    • Bidding(Submit Proposal) + Award-Winning Cover Letter Tricks
    • Payment Process + Get Paid + Withdraw Money
    • How to Find Remote Job
    • Remote Job Communication System
    • Remote Job Contract System
    • Remote Job Payment Method
    • Full Overview
    • The student must be 18 years of age.
    • Basic Knowledge on Network Infrastructure.
    • *Student must attend an exam for proving their basic skill*
    • Basic Knowledge on Using Computer.