WEB-200: Web Attacks with Kali Linux (OSWA)

  • Learn web application security fundamentals using Kali Linux to find and exploit XSS, CSRF, SQLi, SSRF, XXE, CORS, SSTI, and more
  • Earn the OffSec Web Assessor (OSWA) certification upon passing the exam
Google 4.5/5 Average Rating
950+ Learners
Industry Recognized
Certification Body Offensive Security
Delivery Profice
Lowest price guaranteed
Self Paced Learning - 90 Days Access
€1950
Excl. VAT
Self Paced Learning - Access for 365 days
€3000
Excl. VAT
  • Exam voucher
  • Hands-on labs
  • Certificate
  • Lifetime support
  • Official courseware

Flexible payment — invoice, card or PayPal

Course Information

Course Code OSWA
Duration Self Paced
Delivery Self Paced
Exam Voucher Included
Certification Body Offensive Security
Certification OSWA

What You Will Learn

Understand and discover various types of Cross-Site Scripting (XSS) vulnerabilities
Exploit XSS vulnerabilities by injecting and executing malicious scripts
Comprehend and identify SQL Injection points and exploit them to manipulate database queries
Utilize fuzzing tools to discover SQL Injection vulnerabilities
Learn the Same-Origin Policy and how it interacts with cross-origin requests
Test and exploit Cross-Origin Resource Sharing (CORS) vulnerabilities
Identify and exploit Cross-Site Request Forgery (CSRF) vulnerabilities
Use tools like Burp Suite, Nmap, and Gobuster for web application testing
Perform file, directory, and parameter discovery using tools like Wfuzz and Hakrawler
Apply offensive JavaScript techniques for web application exploitation

Course Curriculum

Gain hands-on experience with industry-standard tools used by web application penetration testers

Introduction, Discovery, Exploitation and Case Study Learn how attackers inject malicious code into web pages to hijack user sessions, steal sensitive data, or deface websites

Discover how attackers trick authenticated users in web applications and learn how you can identify and exploit CSRF vulnerabilities

Misconfigurations Understand how to identify and fix CORS misconfigurations to keep your web applications safe

Discover the techniques that attackers use to steal sensitive information related to a web application’s database structure and how to stop them

Exploit vulnerabilities in web applications through SQL injections and learn techniques to prevent and mitigate SQL injection attacks

Learn how to identify and exploit directory traversal vulnerabilities and how you can prevent attackers from accessing restricted areas in your web servers

Learn how attackers user manipulate XML processors to exploit input vulnerabilities, how to secure your XML parsers, and to prevent XXE vulnerabilities in your web applications

Learn how to identify and exploit SSTI vulnerabilities and how you can protect your web applications from server-side template injections

Understand different SSRF attack vectors and how to implement countermeasures against them

Learn how attackers take advantage of command injection vulnerabilities and the potential impact on your system’s integrity. Practice identifying, exploiting, and mitigating command injection vulnerabilities

Learn how to handle object references in a secure manner to prevent attackers from accessing private data or performing unauthorized actions

Combine and expand different web application attack and assessment techniques you’ve learned throughout the course

Get the Full Syllabus as a PDF

Curriculum, exam format & everything included — sent straight to your inbox.

All You Need to Know

Who Should Attend

The WEB-200 course is ideal for:

  • Security professionals seeking to enhance their web application security testing skills
  • Those with knowledge of web development technologies and familiarity with Linux systems
Prerequisites

While there are no formal prerequisites, it’s strongly recommended that you have a basic understanding of:

  • Web development technologies (HTML, CSS, JavaScript)
  • Networking Fundamentals
  • Linux operating system basics

Premium training, now at the lowest price.

Self Paced Learning - 90 Days Access €1950 excl. VAT
Self Paced Learning - Access for 365 days €3000 excl. VAT
4.5/5 Official Offensive Security partner Exam included 950+ alumni
Lowest price guaranteed Ready to enrol?

No payment now — reserve your seat and we'll send the invoice.

Under a minute · invoice, card or PayPal
How it works: 1 Submit your details 2 Receive your invoice 3 Pay & get access