Official Training Partner

Home Courses WEB-200: Web Attacks with Kali Linux

WEB-200: Web Attacks with Kali Linux

Learn web application security fundamentals using Kali Linux to find and exploit XSS, CSRF, SQLi, SSRF, XXE, CORS, SSTI, and more
Earn the OffSec Web Assessor (OSWA) certification upon passing the exam

4.5

Successfully delivered 49 sessions for over 91 professionals

Certification & Provider Information

Certification

OSWA

Certification Body

Offensive Security

Course Provided By

OffSec

Understand and discover various types of Cross-Site Scripting (XSS) vulnerabilities

Exploit XSS vulnerabilities by injecting and executing malicious scripts

Comprehend and identify SQL Injection points and exploit them to manipulate database queries

Utilize fuzzing tools to discover SQL Injection vulnerabilities

Learn the Same-Origin Policy and how it interacts with cross-origin requests

Test and exploit Cross-Origin Resource Sharing (CORS) vulnerabilities

Identify and exploit Cross-Site Request Forgery (CSRF) vulnerabilities

Use tools like Burp Suite, Nmap, and Gobuster for web application testing

Perform file, directory, and parameter discovery using tools like Wfuzz and Hakrawler

Apply offensive JavaScript techniques for web application exploitation

The WEB-200 course is ideal for:

Security professionals seeking to enhance their web application security testing skills
Those with knowledge of web development technologies and familiarity with Linux systems

While there are no formal prerequisites, it’s strongly recommended that you have a basic understanding of:

Web development technologies (HTML, CSS, JavaScript)
Networking Fundamentals
Linux operating system basics

Up to 40 (ISC)² CPE credits.

Course Information

Course Code: OSWA
Duration: Self Paced
Level: Foundation
Language: English
Delivery Mode: E-Learning Self-Paced

Need Help Choosing?

Talk to our course advisor for personalized guidance

Felice.deangelis@proficegroup.it

Course Curriculum

Tools for the Web Assessor

Gain hands-on experience with industry-standard tools used by web application penetration testers

Cross-Site Scripting (XSS)

Introduction, Discovery, Exploitation and Case Study Learn how attackers inject malicious code into web pages to hijack user sessions, steal sensitive data, or deface websites

Cross-Site Request Forgery (CSRF)

Discover how attackers trick authenticated users in web applications and learn how you can identify and exploit CSRF vulnerabilities

Exploiting CORS

Misconfigurations Understand how to identify and fix CORS misconfigurations to keep your web applications safe

Database Enumeration

Discover the techniques that attackers use to steal sensitive information related to a web application’s database structure and how to stop them

SQL Injection (SQLi)

Exploit vulnerabilities in web applications through SQL injections and learn techniques to prevent and mitigate SQL injection attacks

Directory Traversal

Learn how to identify and exploit directory traversal vulnerabilities and how you can prevent attackers from accessing restricted areas in your web servers

XML External Entities

Learn how attackers user manipulate XML processors to exploit input vulnerabilities, how to secure your XML parsers, and to prevent XXE vulnerabilities in your web applications

Server-Side Template Injection (SSTI)

Learn how to identify and exploit SSTI vulnerabilities and how you can protect your web applications from server-side template injections

Server-Side Request Forgery (SSRF)

Understand different SSRF attack vectors and how to implement countermeasures against them

Command Injection

Learn how attackers take advantage of command injection vulnerabilities and the potential impact on your system’s integrity. Practice identifying, exploiting, and mitigating command injection vulnerabilities

Insecure Direct Object Referencing

Learn how to handle object references in a secure manner to prevent attackers from accessing private data or performing unauthorized actions

Assembling the Pieces: Web Application Assessment Breakdown

Combine and expand different web application attack and assessment techniques you’ve learned throughout the course

Course Pricing Options

Choose the package that best fits your learning needs

Self Paced Learning - 90 Days Access

Access for 90 Days to full e-learning on demand, labs + exam voucher

Regular Price

€ 1,950.00

Self Paced Learning - Access for 365 days

Access for 365 days to full e-learning on demand, labs + exam voucher

Regular Price

€ 3,000.00

Early Bird Discount

Book 30 days in advance for 5% OFF

Group Discounts

10% OFF for >3 participants

Send Course Enquiry

Fill out the form and we will get back to you within 24 hours

Full Name *

Email Address *

Phone Number *

Training Mode *

Company Name (Optional)

Your Message *

Email: felice.deangelis@proficegroup.it

Whatsapp: +39 393 390 9401

Why Choose Profice?

India's Leading Training Partner with Proven Track Record

Official Partner

Authorized Training Partner delivering official curriculum

Expert Instructors

Learn from certified professionals with 10+ years experience

Hands-on Labs

Real-world projects and 24/7 lab environment access

95% Pass Rate

Industry-leading certification exam success rate

Job Assistance

Dedicated placement support with 500+ hiring partners

Lifetime Support

Ongoing mentorship and community access after course

Ready to Transform Your Career?

Join thousands of professionals who have achieved their certification goals with us

Enroll Now

2,500+ Alumni

4.8/5 Rating

NIS2 COMPLIANCE AND NIST2 CYBERSECURITY SPECIALIST

CCSP-Certified Cloud Security Professional

CISSP - Certified Information System Security Professional

ITIL® 4 FOUNDATION

ITIL® 4 LEADER: DIGITAL AND IT STRATEGY - DITS

ITIL® 4 SPECIALIST: ACQUIRING & MANAG. CLOUD SERVICES - AMCS

ITIL® 4 Specialist: Create, Deliver & Support Certification Course and Exam - CDS

ITIL® 4 Specialist: Drive Stakeholder Value - DSV

ITIL® 4 Specialist Certification Course with Exam: High Velocity IT- HVIT

ITIL® 4 SPECIALIST: IT ASSET MANAGEMENT - IT AM

ITIL® 4 STRATEGIST: DIRECT, PLAN AND IMPROVE - DPI

PRINCE2 FOUNDATION

PRINCE2 PRACTITIONER

AI ESSENTIALS

AI+ Everyone™

AI+ Executive™

AI+ Foundation™

AI+ Prompt Engineer Level 1™

AI BUSINESS

AI+ Chief AI Officer™

AI+ Finance™

AI+ Legal™

AI+ Marketing™

AI+ Product Manager™

AI+ Project Management Practitioner™

AI+ Project Manager™

AI+ Sales™

AI SECURITY

AI+ Ethical Hacker™

AI+ Security Compliance™

AI+ Security Level 1™

AI+ Security Level 2™

AI+ Security Level 3™

AI CLOUD

AI+ Architect™

AI+ Cloud™

AI DEVELOPMENT

AI+ Developer™

AI+ Engineer™

AI+ Prompt Engineer Level 2™

AI SPECIALIZATION

AI+ Agent™

AI+ UX Designer™

AI DATA & ROBOTICS

AI+ Data Agent™

AI+ Data™

AI+ Robotics™

BLOCKCHAIN & BITCOIN

Bitcoin+ Developer™

Bitcoin+ Everyone™

Bitcoin+ Executive™

Bitcoin+ Security™

Blockchain+ Developer™

Blockchain+ Executive™

ETHICAL HACKING

CEH v13

NETWORK SECURITY

CND v3

CCT

ICS/SCADA

COMPUTER FORENSICS

CHFI

Dark Web Forensic Workshop

EC-FDDW

INCIDENT HANDLING

CTIA v2

ECIH v3

CSA v2

TIE

PEN TESTING

CPENT v2

WAHS

APPLICATION SECURITY

CASE JAVA

CASE .NET

ECDE

DSE

ENCRYPTION

ECES

EXECUTIVE MANAGEMENT

ESCM Expert Scrum Master Certified