WEB-200 Course with OSWA Certificate

OffSec’s Foundational Web Application Assessments with Kali Linux (WEB-200) course introduces web application security testing methodology, tools, and techniques in a hands-on, self-paced environment. Learners gain a deep understanding of common web vulnerabilities and how to exploit them responsibly.

Topics covered in the WEB-200 course

Tools for the Web Assessor

Gain hands-on experience with industry-standard tools like Burp Suite, OWASP ZAP, and sqlmap, used by web application penetration testers to identify security vulnerabilities, exploit weaknesses, and assess the security posture of web applications.

Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study

Learn how attackers inject malicious code into web pages to hijack user sessions, steal sensitive data, or deface websites. Discover how to identify and exploit XSS vulnerabilities, and understand the different types of XSS attacks. Explore real-world case studies to learn from past incidents and strengthen your defenses.

Cross-Site Request Forgery (CSRF)

Uncover how attackers trick authenticated users into performing unintended actions on web applications. Learn how to identify and exploit CSRF vulnerabilities, and explore practical mitigation techniques to protect against these attacks. Understand the impact of CSRF on user trust and data integrity.

Exploiting CORS Misconfigurations

Dive into the security risks associated with Cross-Origin Resource Sharing (CORS) misconfigurations. Learn how attackers exploit these vulnerabilities to bypass access controls and access sensitive data. Understand how to identify and fix CORS misconfigurations to ensure secure cross-origin communication.

Database Enumeration

Master techniques to gather sensitive information about a web application’s database structure and content. Learn how attackers leverage this information to craft targeted attacks. Explore various database enumeration methods and learn to implement countermeasures to protect against them.

SQL Injection (SQLi)

Learn how to exploit vulnerabilities in web applications that interact with databases, potentially leading to data compromise, unauthorized access, or website defacement. Understand the different types of SQL Injection attacks and the impact they can have on an organization’s security posture. Explore techniques for preventing and mitigating SQL Injection vulnerabilities.

Directory Traversal

Understand how attackers navigate outside the intended web server directories to access sensitive files, configuration information, or source code. Learn to identify and exploit directory traversal vulnerabilities, and understand how to prevent unauthorized access to restricted areas of a web server.

XML External Entity (XXE) Processing

Explore how attackers manipulate XML processors to access files, execute commands, or perform denial-of-service attacks. Understand the mechanics of XXE attacks and the potential consequences. Learn to secure XML parsers and prevent XXE vulnerabilities in web applications.

Server-Side Template Injection (SSTI)

Understand how attackers inject code into web application templates, potentially leading to remote code execution, information disclosure, or privilege escalation. Learn how to identify and exploit SSTI vulnerabilities and explore mitigation techniques to protect your web applications.

Server-Side Request Forgery (SSRF)

Learn how attackers force a web application to make requests to internal or external systems, potentially leading to data exfiltration, service disruption, or access to internal resources. Understand the various SSRF attack vectors and implement countermeasures to prevent unauthorized requests.

Who is this course for?

The WEB-200 course is ideal for security professionals seeking to enhance their web application security testing skills and earn the OSWA certification. It’s designed for individuals with knowledge of web development technologies and basic familiarity with Linux systems.

Benefits of the WEB-200 Course

Advanced Security Toolkit

Gain proficiency in a wide range of assessment tools and methodologies, making you an indispensable asset for securing web applications.

Hands-on Experience

Develop the essential skills used by web application penetration testers, through practical exercises and lab environments.

Career Development

Explore exciting roles like web application penetration tester, application security engineer, or security consultant by understanding web security threats and mitigation techniques.

Certificate

The course ends with an exam; passing it earns the OffSec Web Assessor (OSWA) certificate.

Exam

- The WEB-200 course and online labs will prepare you for the OSWA certification
- The exam lasts 23 hours 45 minutes
- The exam is supervised

Prerequisites

While there are no formal prerequisites, it is strongly recommended that you have a working knowledge of:

- Web development technologies (HTML, CSS, JavaScript)
- Networking Fundamentals
- Linux operating system basics

All of the above can be found in our Web Application Assessment Essentials Learning Path, which will give you the skills necessary for success in this course.

How to join the course?


Course + Cert Exam
$1 749

90 days of access to labs
One attempt at the exam
Self-study

Learn One
$2 749

1 course of your choice
365 days of lab access
2 exam attempts
Additional Content

Learn Unlimited
$6 099

Access to unlimited courses
365 days of lab access
Unlimited exam attempts
Additional Content

Learn Enterprise

Get Quotation
Access to unlimited courses
365 days of lab access
Flexible exam attempts
Additional Content

Pricing

All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.

If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.

Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.

Course + Cert Exam

$1 749
WEB-200 course + 90 days of access to the laboratory + 1 attempt at the OSWA exam.

Learn One

$2 749
WEB-200 Course (2 exam attempts) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 exam attempt) + PEN-210 Course (1 exam attempt) + Proving Grounds Practice Labs.

Learn Unlimited

$6 099
All courses (unlimited exam attempts) + 365 days of access to labs + Proving Grounds Practice Labs.

Exam

$249
Re-attempt of the OSWA exam.

Access

$359
Extension of access to the laboratory by another 30 days.

Order course or subscription

Are you interested in purchasing a course or subscription?

Do you have any questions?


Write to us through the contact form.

Do you want to maintain confidentiality? 

Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
Cybersecurity and data protection.
Penetration, social engineering and performance tests. Security audits and trainings. 
Authorized OffSec partner in Poland.
© 2024 efigo.pl

Stay safe with us.
+48 570 450 695
+48 512 669 907
Efigo Sp. z o.o.
ul. Mikołaja Kopernika 8/6
40-064 Katowice
POLAND

VAT No: PL9542760427
20% discount until 31.12.2024
Promotional price for Learn One: $2 079