Provided by Offensive Security
Certification: Certificate of Completion
Qualification level: Certificate of Completion
Location: Las Vegas, NV
Study type: Classroom
Duration: 5 Days

About the course

Advanced Web Attacks and Exploitation (AWAE)

Focused, hands-on web application penetration testing

  • Live training format with valuable student-instructor interaction
  • Broaden your knowledge of web application hacking to identify and circumvent protection mechanisms in use on the web today
  • Designed for experienced penetration testers who want to take their web application exploitation skills to the next level
  • Course case studies are large web applications deployed in enterprise networks
  • Earn the Offensive Security Web Expert (OSWE) certification after passing the 24-hour performance-based exam

AWAE Registration Options

Advanced Web Attacks and Exploitation (AWAE) is an especially demanding course, requiring a great deal of time and attention from the student. For this reason, we recommend a clear schedule to focus on the material to get the most from the courseware.

At this time, AWAE is only offered as a live course. We publish the available classes on this site as well as our Twitter feed, so be sure to keep your eyes open. When booking a class, be sure to keep your evenings free. You will want to spend that time working through case studies and reviewing the provided reading material, as this is one of the more intense and challenging courses that Offensive Security offers.

Can’t make it to a scheduled training or need to have a large group trained from your organization? Offensive Security In-House Training can bring our Advanced Web Attacks and Exploitation course to you.

Student Prerequisites

It is assumed that the student already has a medium understanding of the underlying protocols and technologies involved in testing web applications, such as the HTTP protocol, SSL communications, and the usage of various browser plug-ins and proxies. A basic familiarity with web-based programming languages such as PHP, JavaScript, and MySQL will also prove helpful.

Computer Lab Requirements

You want to bring a serious laptop along – one able to run 3 VMs with ease. Please do not bring netbooks or other low screen resolution systems.

  • 64-bit host operating system
  • A minimum of 8 GB RAM installed
  • VMware Workstation / Fusion installed
  • At least 60 GB HD free
  • Wired Network Support
  • USB 2.0 support or better

OSWE Certification

The Offensive Security Web Expert (OSWE) is an entirely hands-on web application penetration testing certification. The OSWE challenges the students to prove they have a clear and practical understanding of the web application assessment and hacking process through a challenging twenty-four-hour certification exam.

The OSWE exam consists of a remotely-hosted dedicated vulnerable network, which is designed to be compromised within a 24-hour time period. The exam is entirely hands-on and is completed with the candidate submitting an in-depth penetration test report of the OSWE network consisting of the steps required to exploit each application. The coveted OSWE certification is awarded to students who successfully gain administrative access to systems on the vulnerable network.

Web services depend on the experts who help keep them running. You could become one of them.

As an AWAE Certified Professional, you will harness the information security skills needed to successfully penetrate web services, web applications and the security of the web.

Real-World Web Applications

All of the case studies in Advanced Web Attacks and Exploitation are large web applications that are widely deployed in enterprise networks.

The systems studied include internet security gateways, web-mail applications, system management software, and more.

Topics covered in Advanced Web Attacks and Exploitation

  • Advanced XSS attacks and exotic payloads
  • Leveraging CSRF attacks to achieve remote code execution
  • Advanced SQL injection attacks
  • Compound attacks making use of multiple vulnerabilities
  • Bypassing character restrictions in payloads
  • Remote command execution attacks
  • Advanced file inclusion attacks
  • Real world attacks on widely deployed network infrastructure applications

40 (ISC)² CPE Credits

This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the course or pass the certification challenge.
