Training OffSec

Training goals

code: OFFSEC-WEB-300 | version: WEB-300

OffSec WEB-300 Advanced Web Attacks and Exploitation

Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the OSCE³ certification along with the OSEP for advanced pentesting and OSED for exploit development.

 

Benefits

Learners will learn how to:

  • Perform a deep analysis on decompiled web app source code
  • Identify logical vulnerabilities that many enterprise scanners are unable to detect
  • Combine logical vulnerabilities to create a proof of concept on a web app
  • Exploit vulnerabilities by chaining them into complex attacks

 

Who is this course for?

  • Experienced penetration testers who want to better understand white box web app pentesting
  • Web application security specialists
  • Web professionals working with the codebase and security infrastructure of a web application

 

Exam

 

What competencies will you gain?

  • Performing advanced web app source code auditing
  • Analyzing code, writing scripts, and exploiting web vulnerabilities
  • Implementing multi-step, chained attacks using multiple vulnerabilities
  • Using creative and lateral thinking to determine innovative ways of exploiting web vulnerabilities

Conspect Show list

  • Introduction
    • About the AWAE Course
    • Our Approach
    • Obtaining Support
    • Offensive Security AWAE Labs
    • Reporting
    • Backups
    • About the OSWE Exam
    • Wrapping Up
  • Tools & Methodologies
    • Web Traffic Inspection
    • Interacting with Web Listeners using Python
    • Source Code Recovery
    • Source Code Analysis Methodology
    • Debugging
    • Wrapping Up
  • ATutor Authentication Bypass and RCE
    • Getting Started
    • Initial Vulnerability Discovery
    • A Brief Review of Blind SQL Injections
    • Digging Deeper
    • Data Exfiltration
    • Subverting the ATutor Authentication
    • Authentication Gone Bad
    • Bypassing File Upload Restrictions
    • Gaining Remote Code Execution
    • Wrapping Up
  • ATutor LMS Type Juggling Vulnerability
    • Getting Started
    • PHP Loose and Strict Comparisons
    • PHP String Conversion to Numbers
    • Vulnerability Discovery
    • Attacking the Loose Comparison
    • Wrapping Up
  • ManageEngine Applications Manager AMUserResourcesSyn cServlet SQL Injection RCE
    • Getting Started
    • Vulnerability Discovery
    • How Houdini Escapes
    • Blind Bats
    • Accessing the File System
    • PostgreSQL Extensions
    • UDF Reverse Shell
    • More Shells!!!
    • Summary
  • Bassmaster NodeJS Arbitrary JavaScript Injection Vulnerability
    • Getting Started
    • The Bassmaster Plugin
    • Vulnerability Discovery
    • Triggering the Vulnerability
    • Obtaining a Reverse Shell
    • Wrapping Up
  • DotNetNuke Cookie Deserialization RCE
    • Serialization Basics
    • DotNetNuke Vulnerability Analysis
    • Payload Options
    • Putting It All Together
    • Wrapping Up
  • ERPNext Authentication Bypass and Server Side Template Injection
    • Getting Started
    • Introduction to MVC, Metadata-Driven Architecture, and HTTP Routing
    • Authentication Bypass Discovery
    • Authentication Bypass Exploitation
    • SSTI Vulnerability Discovery
    • SSTI Vulnerability Exploitation
    • Wrapping Up
  • openCRX Authentication Bypass and Remote Code Execution
    • Getting Started
    • Password Reset Vulnerability Discovery
    • XML External Entity Vulnerability Discovery
    • Remote Code Execution
  • openITCOCKPIT XSS and OS Command Injection - Blackbox
    • Getting Started
    • Black Box Testing in openITCOCKPIT
    • Application Discovery
    • Intro To DOM-based XSS
    • XSS Hunting
    • Advanced XSS Exploitation
    • RCE Hunting
    • Wrapping Up
  • Concord Authentication Bypass to RCE
    • Getting Started
    • Authentication Bypass: Round One - CSRF and CORS
    • Authentication Bypass: Round Two - Insecure Defaults
    • Wrapping Up
  • Server Side Request Forgery
    • Getting Started
    • Introduction to Microservices
    • API Discovery via Verb Tampering
    • Introduction to Server-Side Request Forgery
    • Render API Auth Bypass
    • Exploiting Headless Chrome
    • Remote Code Execution
    • Wrapping Up
  • Guacamole Lite Prototype Pollution
    • Getting Started
    • Introduction to JavaScript Prototype
    • Prototype Pollution Exploitation
    • EJS
    • Handlebars
    • Wrapping Up
  • Conclusion
    • The Journey So Far
    • Exercises and Extra Miles
    • The Road Goes Ever On
    • Wrapping Up
Download conspect training as PDF

Additional information

Prerequisites

All learners are required to have completed or have the equivalent knowledge corresponding to WEB-200 Foundational Web Application Assessments with Kali Linux. Especially:

  • Comfort reading and writing at least one coding language
  • Familiarity with Linux
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Experience with web proxies
  • General understanding of web app attack vectors, theory, and practice
Difficulty level
Duration 90 days
Certificate

After passing the OSWE exam, candidates receive a title of OffSec Web Expert (OSWE).
Trainer

Authorized OffSec Trainer
Additional informations

Course is available as the e-learning product, in two subscription's models:

  • Course & Cert Exam Bundle
  • Learn One

 

Price list

Other training OffSec | Learn Subscriptions

OffSec show more courses
Contact form

Please fill form below to obtain more info about this training.






* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

PRICE 2599 USD

FORM OF TRAINING ?

 
Sign up for training
close

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from at any place in the world. It is sufficient to have a computer (or, actually a tablet, or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit dlearning.eu site

close

Paper materials

Traditional materials: The price includes standard materials issued in the form of paper books, printed or other, depending on the arrangements with the manufacturer.

Electronic materials

Electronic materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.

Upcoming OffSec training

Training schedule OffSec