Leader in the cybersecurity training sector.

Contact

Offensive Security Web Expert (OSWE) preparation

Catégorie
Satisfaction rate
4.5
Success rate
5

The target audience for training

  • Experienced penetration testers wishing to learn more about web application security audits.
  • Specialists in web application security.
  • Web developers looking to enhance their security skills.

What you will learn

Preparation for Offensive Security Web Expert (OSWE) certification will enable you to master advanced penetration testing techniques specific to web applications. You will learn how to identify and exploit complex vulnerabilities in web environments, focusing on source code analysis, exploitation of logical flaws and manipulation of application flows. This course will focus on an in-depth understanding of the internal mechanisms of web applications, as well as the ability to develop custom exploits to demonstrate compromise. As a result, you will develop in-depth expertise in effectively securing web applications against targeted attacks.

Training programme

  • Duration: 5 days
  • Introduction and methodology
    • Presentation of the AWAE course.
    • Teaching approach and objectives.
    • Use of AWAE laboratories.
  • Tools and methodologies
    • Web traffic inspection with Burp Suite.
    • Interaction with web headphones via Python.
    • Source code recovery and analysis.
    • Source code analysis methodology.
    • Debugging and remote debugging.

 

  • Practical case studies
    • ATutor: authentication bypass and remote code execution.
    • ATutor LMS: juggling vulnerability.
    • ManageEngine Applications Manager: SQL injection and RCE.
    • Bassmaster NodeJS: arbitrary JavaScript injection.
    • DotNetNuke: deserialization of cookies and RCE.
    • ERPNext: authentication bypass and SSTI.
    • openCRX: authentication bypass and remote code execution.
    • openITCOCKPIT: XSS and OS command injection.
    • Concord: authentication bypass to RCE.
    • Guacamole Lite: JavaScript prototype pollution.

Training objectives

  • Master advanced security audit techniques for web applications in a white-box environment.
  • Identify and exploit complex vulnerabilities using source code analysis.
  • Developing custom operating scripts for web applications.
  • Preparing for and passing the OSWE certification exam.

Training prerequisites

  • Comfortable reading and writing at least one programming language (PHP, Java, C#, JavaScript).
  • Familiarity with Linux.
  • Ability to write simple scripts in Python, Perl, PHP or Bash.
  • Experience with web proxies (e.g. Burp Suite).
  • General understanding of web application attack vectors.
See the brochure for this course
  • Level : Intermediary
  • Certification body : ACG CYBERACADEMY
  • Certification: Yes
  • Accessibility : Yes
  • Duration: 5 days
Contact us
Book Now

Important information:

Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).

Réserver l’événement

icône Form/calendar icon
icône Form/ticket icon
icône Form/up small icon icône Form/down small icon
Billets disponibles: Illimité
Le billet de "" est épuisé. Vous pouvez essayer un autre billet ou une autre date.

We use cookies to improve your experience. See our Cookie policy and our Privacy policy.

Information request

I would like more information about your training courses

ACG Cyberacademy collects and uses the data provided via this form in order to process your registration requests. Fields marked with an * are required. The other information enables us to optimise the follow-up of your request and the quality of our customer relations.