×
OffSec

WEB-300: Advanced Web Attacks and Exploitation

OffSec is the global leader in cybersecurity skills and workforce development, certification, and the creator and stewards of Kali Linux. Phoenix TS takes great pride in being recognized as a leading official OffSec Training Provider!

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!


Course Overview

OSWE Certification

Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification and will demonstrate mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the OSCE³ certification along with the OSEP for advanced pentesting and OSED for exploit development. This course is intended for penetration testers, web application specialists, and web security professionals. Upon completing this course, participants will be able to:

  • Conduct in-depth auditing of web application source code at an advanced level.
  • Analyze code thoroughly, craft scripts, and exploit various web vulnerabilities.
  • Execute complex, multi-step attacks by chaining together multiple vulnerabilities.
  • Utilize innovative and lateral thinking to discover creative approaches for exploiting web vulnerabilities.

Schedule

Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.

Program Level

Advanced

Prerequisites

  • Comfort reading and writing at least one coding language
  • Familiarity with Linux
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Experience with web proxies
  • General understanding of web app attack vectors, theory, and practice

Course Outline

JavaScript Prototype Pollution

Advanced Server-Side Request Forgery (SSRF)

Web security tools and methodologies

Source code analysis

Persistent cross-site scripting

Session hijacking

NET deserialization

Remote code execution

Blind SQL injection

Data exfiltration

Bypassing file upload restrictions and file extension filters

PHP type juggling with loose comparisons

PostgreSQL Extension and User Defined Functions

Bypassing REGEX restrictions

Magic hashes

Bypassing character restrictions

UDF reverse shells

PostgreSQL large objects

DOM-based cross site scripting (black box)

Server-side template injection

Weak random token generation

XML external entity injection

RCE via database functions

OS command injection via WebSockets (black box)

Exam Information

  • The WEB-300 web application security course and online lab prepares you for the OSWE certification
  • 48-hour exam
  • Proctored

BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!

Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints re-garding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

Subscribe now

Get new class alerts, promotions, and blog posts

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Download Course Brochure

Enter your information below to download this brochure!

Name(Required)