Training Hub

Training

in partnership with Applied technology academy

OffSec WEB-300: Advanced Web Attacks and Exploitation Training

NOW 20% OFF YOUR FIRST COURSE

USE CODE : WELCOME-20 at checkout to redeem!

Flexible Scheduling

Courses around your availability

Instructor-Led Course

LIVE Sessions with Expert Guidance

Learn from Anywhere

Our Courses are Virtual

Proven Success

Participants say classes provide the tools and confidence to earn certification

Course Overview

Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security review course. We teach the skills needed to conduct white box web app penetration tests.

With the 2021 update, WEB-300 now features three new modules, updated existing content, new machines, plus refreshed videos.

Students who complete the course and pass the exam earn the OffSec Web Expert (OSWE) certification, demonstrating mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the new OSCE3 certification, along with the OSEP for advanced pentesting and the OSED for exploit development.

All students are required to have:

  • Comfort reading and writing at least one coding language (Java, .NET, JavaScript, Python, etc)
  • Familiarity with Linux: file permissions, navigation, and editing and running scripts
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Experience with web proxies such as Burp Suite and similar tools
  • General understanding of web app attack vectors, theory, and practice
  • Experienced penetration testers who want to better understand white box web app pentesting
  • Web application security specialists
  • Web professionals working with the codebase and security infrastructure of a web application

Prerequisites

  • Comfort reading and writing at least one coding language
  • Familiarity with Linux
  • Ability to write simple Python / Perl / PHP / Bash scripts
  • Experience with web proxies
  • General understanding of web app attack vectors, theory, and practice

 Duration 

5 days

Certifications 

OSWE

Register For This Course By Filling Out The Form Below:

Course Outline

The course covers the following topics.

  • Cross-Origin Resource Sharing (CORS) with CSRF and RCE
  • JavaScript Prototype Pollution
  • Advanced Server-Side Request Forgery (SSRF)
  • Web security tools and methodologies
  • Source code analysis
  • Persistent cross-site scripting
  • Session hijacking
  • .NET deserialization
  • Remote code execution
  • Blind SQL injection
  • Data exfiltration
  • Bypassing file upload restrictions and file extension filters
  • PHP type juggling with loose comparisons
  • PostgreSQL Extension and User Defined Functions
  • Bypassing REGEX restrictions
  • Magic hashes
  • Bypassing character restrictions
  • UDF reverse shells
  • PostgreSQL large objects
  • DOM-based cross site scripting (black box)
  • Server-side template injection
  • Weak random token generation
  • XML external entity injection
  • RCE via database functions
  • OS command injection via WebSockets (black box)

Benefits of Training with us

  • Support a Mission – As a nonprofit, your purchase funds cyber community programs and STEM initiatives.
  • Strengthen National Security – Help combat cyber threats alongside the DoD and critical industries.
  • Access Our Network – Gain exposure to 1,000+ partners for internships, careers, and mentorship.

Boost Certification Success

Higher Pass Rate
60 %

Students who take our comprehensive bootcamp or guided training have an 80-90% higher chance of passing their certification exams compared to those who study alone.

Improve Your Job Performance and Skill Mastery
72% of IT professionals believe that certifications have a positive impact on their job performance
Increase Your Earning Potential
The average salary for certified professionals is often higher, with certified IT workers earning $12,000 to $20,000 more per year than their non-certified counterparts
Meet Industry Demands for Certifications
According to a Global Knowledge survey, 91% of organizations say certifications are either “important” or “very important” for their cybersecurity and IT teams, as certifications indicate a certain level of expertise and competence.

Student Feedback

Jessica B
Excellent professional team and the class was great. ​
MDP
Great classes for IT advancement with outstanding instructors. ​
Brett F
Experts in the field that tailor the delivery of the overwhelming abundance of material and somehow make it digestible!​
View All Upcoming Training Courses
View All

We use cookies to ensure the best browsing experience possible

Accept