Compendium Centrum Edukacyjne

The WEB-200 course provides a comprehensive overview of web application vulnerabilities and their exploitation using tools available in Kali Linux. The purpose of this course is to explore the fundamental concepts needed to begin a much longer journey within Information Security, Penetration Testing, or Application Security. Web applications often represent the largest attack surface for an organization - anyone with a browser and internet access can discover and interact with a public-facing web application. By mastering the skills and techniques within this course, you will be prepared to identify and exploit vulnerabilities in web applications.

WEB-200 has topics and examples covering a large number of web application skills, including:

• Leveraging various types of Cross-Site Scripting (XSS) vulnerabilities using our Kali Linux environment
• Performing web application reconnaissance, enumerating web applications, and sourcing or generating wordlists
• Using fuzzing tools for SQL Injection vulnerabilities and sqlmap for automated site crawls, but also when a manual approach is preferred
• Mastering Burp Suite tools: Repeater, Comparer, Intruder, and Decoder, to be effective web assessors
• Understanding the impact of Server-side Request Forgery (SSRF) including how the vulnerability occurs, and how it interacts with the vulnerable server through a case study with two SSRF vulnerabilities found in a real-world application.

WEB-200 is organized into 16 modules, each with detailed explanations, specific case studies, and hands-on activities to emphasize the discovery, testing, and exploitation of these vulnerabilities to enhance offensive security skills. After the completion of the modules, learners will be able to test their knowledge on any one of 9 Challenge labs. Once prepared, the learner can sit for the OffSec Web Assessor (OSWA) certification, earning the right to share this accomplishment with employers.

Each participant in an authorized OffSec WEB-200 training held at Compendium CE receives a Learn One” license, which includes, among other benefits, a free OSWA exam voucher.

WEB-200 is designed for learners who want to build foundational skills in professional web application assessments. The course material will help clarify the attacks and techniques used by malicious actors against web applications. Note that basic Linux, networking, and scripting skills will help significantly with this course.

Objectives

After completing this course, learners will be able to:

• Understand and discover various types of Cross-Site Scripting (XSS) vulnerabilities
• Exploit XSS vulnerabilities by injecting and executing malicious scripts
• Comprehend and identify SQL Injection points and exploit them to manipulate database queries
• Utilize fuzzing tools to discover SQL Injection vulnerabilities
• Learn the Same-Origin Policy and how it interacts with cross-origin requests
• Test and exploit Cross-Origin Resource Sharing (CORS) vulnerabilities
• Identify and exploit Cross-Site Request Forgery (CSRF) vulnerabilities
• Use tools like Burp Suite, Nmap, and Gobuster for web application testing
• Perform file, directory, and parameter discovery using tools like Wfuzz and Hakrawler
• Apply offensive JavaScript techniques for web application exploitation

Who is this course for?

• Job roles like: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members
• Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise