OffSec’s Advanced Web Attacks and Exploitation (WEB-300) course dives deep into the latest web application penetration testing methodologies and techniques. Learners gain extensive hands-on experience in a self-paced environment, designed to elevate their skills in ethical hacking, vulnerability discovery, and exploit development.
Topics covered in the WEB-300 course
JavaScript Prototype Pollution
Explore how attackers manipulate JavaScript’s prototype inheritance model to inject malicious data, compromise application logic, and even achieve remote code execution.
Advanced Server-Side Request Forgery (SSRF)
Delve into advanced techniques for exploiting SSRF vulnerabilities, including bypassing filters, accessing internal resources, and exploiting complex application architectures.
Web Security Tools and Methodologies
Master a variety of cutting-edge web security tools and methodologies, including fuzzing, static analysis, dynamic analysis, and manual code review.
Source Code Analysis
Learn how to analyze source code to identify security vulnerabilities, understand the application’s logic, and uncover potential attack vectors.
Persistent Cross-Site Scripting
Discover how attackers store malicious code on a web server to launch persistent XSS attacks, targeting multiple users over time.
Session Hijacking
Learn how attackers take over user sessions, potentially gaining unauthorized access to sensitive information and functionality.
.NET Deserialization
Understand the risks associated with deserialization in .NET applications and how attackers can exploit these vulnerabilities to achieve remote code execution.
Remote Code Execution
Explore various techniques used by attackers to execute arbitrary code on a target web server, often leading to complete compromise of the system.
Blind SQL Injection
Learn how to exploit SQL injection vulnerabilities even when there is no direct feedback from the application, using various techniques to infer information and compromise the database.
Data Exfiltration
Understand how attackers extract sensitive data from web applications, including through SQL injection, XXE attacks, and compromised file uploads.
The WEB-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced web application attacks and exploitation techniques, ultimately earning the OSWE certification.
Benefits of the WEB-300 Course
Hands-on Experience
Go beyond the fundamentals and develop the specialized skills needed to uncover and exploit complex vulnerabilities in modern web applications. Learn from experienced professionals through practical exercises and lab environments.
Advanced Attacks
The OSWE certification showcases your mastery of advanced web security testing techniques, including API security, cloud security, and bypassing modern defenses. OSWE-certified professionals are highly sought after in the cybersecurity field.
Diverse Tools
Sharpen your web app penetration testing skills and explore a wide range of advanced exploitation techniques. Expand your knowledge of web security tools, attack methodologies, and mitigation strategies.
Career Development
Advance into specialized roles such as senior penetration tester, security architect, or vulnerability researcher by demonstrating your mastery of web application security testing.
Certificate
The course ends with an exam, the successful completion of which results in the awarding of the OffSec Web Expert (OSWE) certificate.
Exam
- WEB-300 course and online labs will prepare you for OSWE certification - The exam lasts 47 hours 45 minutes - The exam is supervised
While there are no formal certification requirements, it is strongly recommended to have:
- Comfort reading and writing at least one coding language - Familiarity with Linux - Ability to write simple Python / Perl / PHP / Bash scripts - Experience with web proxies - General understanding of web app attack vectors, theory, and practice
All prices are given in USD (US dollars) net. We also allow payment in PLN (zloty) - in this case the final amount to be paid will be converted at the current NBP exchange rate on the day of the decision to purchase the product. 23% VAT should be added to the prices.
If the training and course are financed from public funds (applies to public sector entities), please contact us to agree on the price.
Note: A separate subscription is required for each course participant. Sharing a subscription between different individuals/companies is a violation of the Offensive Security course policy and may result in immediate termination of the course agreement.
Course + Cert Exam
1 749$
WEB-300 course + 90 days of access to the laboratory + 1 attempt at the OSWE exam.
Learn One
2 749$
WEB-300 Course (2 exam attempts) + Level 100 Courses + 365 days of lab access + PEN-103 Kali Linux Certified Professional (KLCP) Course (1 exam attempt) + PEN-210 Course (1 exam attempt) + Providing Grounds Practice Labs.
Learn Unlimited
6 099$
All courses (unlimited exam attempts) + 365 days of access to labs + Providing Grounds Practice Labs.
Exam
249$
Re-attempt of the OSWE exam.
Access
359$
Extension of access to the laboratory by another 30 days.
Order course or subscription
Are you interested in purchasing a course or subscription?
Do you have any questions?
Write to us through the contact form.
Do you want to maintain confidentiality?
Download our PGP/GPG key under the icon below and send an encrypted message to [email protected].
Cybersecurity and data protection. Penetration, social engineering and performance tests. Security audits and trainings. Authorized OffSec partner in Poland.
EN 
PL