Offensive Security Web Expert (OSWE) preparation
The target audience for training
- Experienced penetration testers wishing to learn more about web application security audits.
- Specialists in web application security.
- Web developers looking to enhance their security skills.
What you will learn
Preparation for Offensive Security Web Expert (OSWE) certification will enable you to master advanced penetration testing techniques specific to web applications. You will learn how to identify and exploit complex vulnerabilities in web environments, focusing on source code analysis, exploitation of logical flaws and manipulation of application flows. This course will focus on an in-depth understanding of the internal mechanisms of web applications, as well as the ability to develop custom exploits to demonstrate compromise. As a result, you will develop in-depth expertise in effectively securing web applications against targeted attacks.
Training programme
- Duration: 5 days
- Introduction and methodology
- Presentation of the AWAE course.
- Teaching approach and objectives.
- Use of AWAE laboratories.
- Tools and methodologies
- Web traffic inspection with Burp Suite.
- Interaction with web headphones via Python.
- Source code recovery and analysis.
- Source code analysis methodology.
- Debugging and remote debugging.
- Practical case studies
-
- ATutor: authentication bypass and remote code execution.
- ATutor LMS: juggling vulnerability.
- ManageEngine Applications Manager: SQL injection and RCE.
- Bassmaster NodeJS: arbitrary JavaScript injection.
- DotNetNuke: deserialization of cookies and RCE.
- ERPNext: authentication bypass and SSTI.
- openCRX: authentication bypass and remote code execution.
- openITCOCKPIT: XSS and OS command injection.
- Concord: authentication bypass to RCE.
- Guacamole Lite: JavaScript prototype pollution.
Training objectives
- Master advanced security audit techniques for web applications in a white-box environment.
- Identify and exploit complex vulnerabilities using source code analysis.
- Developing custom operating scripts for web applications.
- Preparing for and passing the OSWE certification exam.
Training prerequisites
- Comfortable reading and writing at least one programming language (PHP, Java, C#, JavaScript).
- Familiarity with Linux.
- Ability to write simple scripts in Python, Perl, PHP or Bash.
- Experience with web proxies (e.g. Burp Suite).
- General understanding of web application attack vectors.
- Language : French
- Level : Intermediary
- Certification body : ACG CYBERACADEMY
- Certification: Yes
- Accessibility : Yes
- Duration: 5 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).