BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
OSWE Certification
Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the OSCE³ certification along with the OSEP for advanced pentesting and OSED for exploit development. This course is intended for penetration testers, web application specialists, and web security professionals. Upon completing this course, participants will be able to:
- Conduct in-depth auditing of web application source code at an advanced level.
- Analyze code thoroughly, craft scripts, and exploit various web vulnerabilities.
- Execute complex, multi-step attacks by chaining together multiple vulnerabilities.
- Utilize innovative and lateral thinking to discover creative approaches for exploiting web vulnerabilities.
Schedule
WEB-300: Advanced Web Attacks and Exploitation
date
location
price
Program Level
Advanced
Prerequisites
- Comfort reading and writing at least one coding language
- Familiarity with Linux
- Ability to write simple Python / Perl / PHP / Bash scripts
- Experience with web proxies
- General understanding of web app attack vectors, theory, and practice
Course Outline
JavaScript Prototype Pollution
Advanced Server-Side Request Forgery (SSRF)
Web security tools and methodologies
Source code analysis
Persistent cross-site scripting
Session hijacking
NET deserialization
Remote code execution
Blind SQL injection
Data exfiltration
Bypassing file upload restrictions and file extension filters
PHP type juggling with loose comparisons
PostgreSQL Extension and User Defined Functions
Bypassing REGEX restrictions
Magic hashes
Bypassing character restrictions
UDF reverse shells
PostgreSQL large objects
DOM-based cross site scripting (black box)
Server-side template injection
Weak random token generation
XML external entity injection
RCE via database functions
OS command injection via WebSockets (black box)
Exam Information
- The WEB-300 web application security course and online lab prepares you for the OSWE certification
- 48-hour exam
- Proctored
BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org