Train to become OSWA certified
WEB-200: Web Attacks with Kali Linux
Starting at $1,749
Level 200
224h of content
- Learn web application security fundamentals using Kali Linux to find and exploit XSS, CSRF, SQLi, SSRF, XXE, CORS, SSTI, and more
- Earn the OffSec Web Assessor (OSWA) certification upon passing the exam
Overview
WEB-200 teaches web application vulnerability exploitation using Kali Linux tools. It covers essential techniques for identifying and exploiting XSS, SQL Injection, SSRF, and more, preparing learners for professional web application assessments and the OSWA certification.
The WEB-200 course provides a comprehensive overview of web application vulnerabilities and their exploitation using tools available in Kali Linux. The purpose of this course is to explore the fundamental concepts needed to begin a much longer journey within Information Security, Penetration Testing, or Application Security. Web applications often represent the largest attack surface for an organization - anyone with a browser and internet access can discover and interact with a public-facing web application. By mastering the skills and techniques within this course, you will be prepared to identify and exploit vulnerabilities in web applications.
WEB-200 has topics and examples covering a large number of web application skills, including:
- Leveraging various types of Cross-Site Scripting (XSS) vulnerabilities using our Kali Linux environment
- Performing web application reconnaissance, enumerating web applications, and sourcing or generating wordlists
- Using fuzzing tools for SQL Injection vulnerabilities and sqlmap for automated site crawls, but also when a manual approach is preferred
- Mastering Burp Suite tools: Repeater, Comparer, Intruder, and Decoder, to be effective web assessors
- Understanding the impact of Server-side Request Forgery (SSRF) including how the vulnerability occurs, and how it interacts with the vulnerable server through a case study with two SSRF vulnerabilities found in a real-world application.
WEB-200 is organized into 16 modules, each with detailed explanations, specific case studies, and hands-on activities to emphasize the discovery, testing, and exploitation of these vulnerabilities to enhance offensive security skills. After the completion of the modules, learners will be able to test their knowledge on any one of 9 Challenge labs. Once prepared, the learner can sit for the OffSec Web Assessor (OSWA) certification, earning the right to share this accomplishment with employers.
WEB-200 is designed for learners who want to build foundational skills in professional web application assessments. The course material will help clarify the attacks and techniques used by malicious actors against web applications. Note that basic Linux, networking, and scripting skills will help significantly with this course.
Becoming OSWA certified
- 24-hour proctored: All exams are proctored by an OffSec employee in a private VPN
- Hands-on labs: Identify, exploit, and report real-world vulnerabilities in live lab systems
- 5 independent targets: Each target contains local.txt and proof.txt files
- Exploit the web application: Gain access to an authenticated administrator session and the proof.txt file from the server
OSWA certification
About the OSWA exam
The OffSec Web Assessor certification demonstrates your ability to identify and exploit vulnerabilities in web applications and stand out in the web security field
Start learning with OffSec
$2,749/year*
Best value
Learn One
Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts
$1,749/once
Most popular
Course + Cert Bundle
Includes 90 days of access to one 200 or 300-level course, the associated labs, and a single exam attempt
Train your team with OffSec
$6,099/year*
All access
Learn Unlimited
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year
Get a quote
Large teams
Learn Enterprise
Unlimited OffSec Learning Library access with flexible terms and volume discounts available
Validate your expertise.
Amplify your impact.
- Mindset & work ethic: Instill a relentless problem-solving mindset that employers value highly in security professionals
- Globally recognized certification: OffSec certs build elite, hands-on skills trusted by the world's top companies
- Organization value & trust: Trusted to train skilled, consistent, and reliable security teams
- Certified candidates win: 91% of respondents prefer to hire candidates with certifications (Fortinet, 2024 Cybersecurity Skills Gap Report)

Realistic lab environments
Built to sharpen skills through practical, immersive learning
- On-demand lab access: Train anytime in up-to-date, practical, cutting-edge labs
- Structured learning modules: Progress through clear, goal-driven topics
- Challenge-based learning: Build skills through real-world, hands-on challenges
- AI-powered learning assistant: Get instant, guided help with complex topics
Success stories from the field
The challenges were far from easy, and it was evident that their intention was to evaluate not only technical skills but also the ability to think outside the box. Also, awesome experience, lots of fun!
The way it's all presented, and the fact that there are VMs you can start that let us break the problem into smaller problems... makes for a very pleasant learning experience.
Thank you OffSec for the thrilling challenges. Some of these machines really made me question my sanity. This 24-hour exam proved that web hacking can really be tricky and difficult.