WEB-300 course with OSWE certificate

OffSec’s Advanced Web Attacks and Exploitation (WEB-300) course dives deep into the latest web application penetration testing methodologies and techniques. Learners gain extensive hands-on experience in a self-paced environment, designed to elevate their skills in ethical hacking, vulnerability discovery, and exploit development.

Topics covered in the WEB-300 course

JavaScript Prototype Pollution

Explore how attackers manipulate JavaScript’s prototype inheritance model to inject malicious data, compromise application logic, and even achieve remote code execution.

Advanced Server-Side Request Forgery (SSRF)

Delve into advanced techniques for exploiting SSRF vulnerabilities, including bypassing filters, accessing internal resources, and exploiting complex application architectures.

Web Security Tools and Methodologies

Master a variety of cutting-edge web security tools and methodologies, including fuzzing, static analysis, dynamic analysis, and manual code review.

Source Code Analysis

Learn how to analyze source code to identify security vulnerabilities, understand the application’s logic, and uncover potential attack vectors.

Persistent Cross-Site Scripting

Discover how attackers store malicious code on a web server to launch persistent XSS attacks, targeting multiple users over time.

Session Hijacking

Learn how attackers take over user sessions, potentially gaining unauthorized access to sensitive information and functionality.

.NET Deserialization

Understand the risks associated with deserialization in .NET applications and how attackers can exploit these vulnerabilities to achieve remote code execution.

Remote Code Execution

Explore various techniques used by attackers to execute arbitrary code on a target web server, often leading to complete compromise of the system.

Blind SQL Injection

Learn how to exploit SQL injection vulnerabilities even when there is no direct feedback from the application, using various techniques to infer information and compromise the database.

Data Exfiltration

Understand how attackers extract sensitive data from web applications, including through SQL injection, XXE attacks, and compromised file uploads.

Who is this course for?

The WEB-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced web application attacks and exploitation techniques, ultimately earning the OSWE certification.

Benefits of the WEB-300 Course

Hands-on Experience

Go beyond the fundamentals and develop the specialized skills needed to uncover and exploit complex vulnerabilities in modern web applications. Learn from experienced professionals through practical exercises and lab environments.

Advanced Attacks

The OSWE certification showcases your mastery of advanced web security testing techniques, including API security, cloud security, and bypassing modern defenses. OSWE-certified professionals are highly sought after in the cybersecurity field.

Diverse Tools

Sharpen your web app penetration testing skills and explore a wide range of advanced exploitation techniques. Expand your knowledge of web security tools, attack methodologies, and mitigation strategies.

Career Development

Advance into specialized roles such as senior penetration tester, security architect, or vulnerability researcher by demonstrating your mastery of web application security testing.

Certificate

The course ends with an exam, the successful completion of which results in the awarding of the OffSec Web Expert (OSWE) certificate.

Exam

- WEB-300 course and online labs will prepare you for OSWE certification
- The exam lasts 47 hours 45 minutes
- The exam is supervised

Prerequisites

While there are no formal certification requirements, it is strongly recommended to have:

- Comfort reading and writing at least one coding language
- Familiarity with Linux
- Ability to write simple Python / Perl / PHP / Bash scripts
- Experience with web proxies
- General understanding of web app attack vectors, theory, and practice

How to join the course?


Course + Cert Exam
$1 749

90 days of access to labs
One attempt at the exam
Self-study

Learn One
$2 749

1 course of your choice
365 days of lab access
2 exam attempts
Additional Content

Learn Unlimited
$6 099

Access to unlimited courses
365 days of lab access
Unlimited exam attempts
Additional Content

Learn Enterprise

Get Quotation
Access to unlimited courses
365 days of lab access
Flexible exam attempts
Additional Content

Pricing

All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.

If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.

Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.

Course + Cert Exam

$1 749
WEB-300 course + 90 days of access to the laboratory + 1 attempt at the OSWE exam.

Learn One

$2 749
WEB-300 Course (2 exam attempts) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 exam attempt) + PEN-210 Course (1 exam attempt) + Proving Grounds Practice Labs.

Learn Unlimited

$6 099
All courses (unlimited exam attempts) + 365 days of access to labs + Proving Grounds Practice Labs.

Exam

$249
Re-attempt of the OSWE exam.

Access

$359
Extension of access to the laboratory by another 30 days.

Order course or subscription

Are you interested in purchasing a course or subscription?

Do you have any questions?


Write to us through the contact form.

Do you want to maintain confidentiality? 

Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
Cybersecurity and data protection.
Penetration, social engineering and performance tests. Security audits and trainings. 
Authorized OffSec partner in Poland.
© 2024 efigo.pl

Stay safe with us.
+48 570 450 695
+48 512 669 907
Efigo Sp. z o.o.
ul. Mikołaja Kopernika 8/6
40-064 Katowice
POLAND

VAT No: PL9542760427
20% discount until 31.12.2024
Promotional price for Learn One: $2 079