OffSec WEB-200 (OSWA)
Provided by QA
Overview
Foundational Web Application Assessments with Kali Linux and OSWA Certification
Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.
Who should attend this course:
Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise. Job roles include: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members.
+
Prerequisites
All learners should have basic knolwedge of Web Applications, Linux and Networking.
+
Delegates will learn how to
Learners will learn how to:
Outline
Introduction to WEB200
Module 1 Secrets of Success with WEB200
Getting Started
Introduction to the Sandbox
Cross-Site Scripting - Exploitation
Penetration Testing Reports
SQL Overview
Introduction to SQL Injection
Directory Traversal Overview
Introduction to XML
Foundational Web Application Assessments with Kali Linux and OSWA Certification
Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.
Who should attend this course:
Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise. Job roles include: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members.
+
Prerequisites
All learners should have basic knolwedge of Web Applications, Linux and Networking.
+
Delegates will learn how to
Learners will learn how to:
- Enumerate web applications and four common database management systems
- Manually discover and exploit common web application vulnerabilities
- Go beyond alert() and actually exploit other users with cross-site scripting
- Exploit six different templating engines, often leading to RCE
- The OSWA exam voucher is included in the course, and is a proctored exam
- The WEB-200 course and online lab prepares you for the OSWA certification
Outline
Introduction to WEB200
Module 1 Secrets of Success with WEB200
- Understand some of the general concepts surrounding application security
- Recognize the unique mindset of a successful application security professional
- Understand the pillars of prerequisite knowledge for application security
- Understand the CIA triad and what it means
- Understand other key terms and unique traits of this field
- Understand the basic tools available to students
- Understand the basic tools available tostudents
- Understand how to be 'hands-on' with the material
- Understand how to connect to the VPN
Getting Started
- Learn how to edit the /etc/hosts file
- Understand how to test and confirm that our host file changes are working
- Develop a basic understanding of proxies
- Learn how to leverage Burp Suite's built-in browser
- Understand how to work fluently with the Proxy tab and Intercept functionality
- Understand how to use both Repeater and Intruder
- Understand how to execute an Nmap NSE Script
- Learn how to scan a specific port
- Develop an understanding of the wordlistconcept
- Understand how we attempt to select the best wordlist for our scenario
- Learn the basics needed to construct our own wordlist
- Learn about Retrieval Practice
- Understand Spaced Practice
- Learn how to discover files using Wfuzz
- Discover how to find directories with Wfuzz
- Understand how to discover parameters with Wfuzz
- Learn how to leverage Wfuzz to fuzz parameters
- Develop the skills to fuzz POST data using Wfuzz
- Learn what a crawling or spidering tool is
- Understand how hakrawler works with https://archive.org The Wayback Machine) to gather its results
- Learn how to determine specific the web technology of a web application
- Understand how to choose the correct shell (matching the web technology)
Introduction to the Sandbox
- Understand how to use the custom sandbox
- Understand fundamentals of JavaScript
- Read and understand basic JavaScript code
- Use JavaScript APIs to exfiltrate data
- Understand the different types of XSS
- Exploit reflected server XSS
- Exploit stored server XSS
- Exploit reflected client XSS
- Exploit stored client XSS
Cross-Site Scripting - Exploitation
- Cross-Site Scripting - Exploitation
- Case Study: Shopizer Reflected XSS
- Discover an XSS vulnerability in Shopizer
- Create advanced payloads to load external JavaScript resources
- Discover application-specific attack vectors
- Exploit a Shopizer user using application-specific attacks
Penetration Testing Reports
- Understand what an origin is
- Understand the Same-Origin Policy and how it interacts with cross-origin requests
- Understand the concept of cross-origin requests
- Understand the SameSite attribute and its three possible settings
- Construct an Executive Summary
- Understand how to identify cross-site request forgery vulnerabilities
- Understand how to exploit cross-site request forgery vulnerabilities
- Discover a CSRF vulnerability in a real-world web application
- Exploit a CSRF vulnerability to create a new user
- Use JavaScript to chain multiple CSRF requests
- Understand how the SameSite attribute influences different versions of CSRF attacks
- Understand the concept of CORS
- Understand the common headers found on CORS requests
- Understand the common headers found on
- Understand how to identify CORS response headers
- Understand how CORS policies that trust arbitrary origins can be exploited
- Understand how CORS policies that implement incomplete allowlists can be exploited
SQL Overview
- Understand the basic syntax of SQL
- Understand how to retrieve data from a table
- Understand how to identify the version of a MySQL database
- Understand how to identify the schemas within a MySQL database
- Understand how to identify the tables within a schema in a MySQL database
- Understand how to identify the column names and data types in a table in a
- Understand how to identify the version of a SQL Server database
- Understand how to identify the current user of a SQL Server database
- Understand how to identify the databases within a SQL Server instance
- Understand how to identify the tables within a database in a SQL Server instance
- Understand how to identify the column names and data types in a table in a SQL Server database
- Understand how to identify the version of a PostgreSQL database
- Understand how to identify the current user of a PostgreSQL database
- Understand how to identify the schemas within a PostgreSQL database
- Understand how to identify the tables within a schema in a PostgreSQL database
- Understand how to identify the column names and data types in a table in a PostgreSQL database
- Understand how to identify the version of an Oracle database
- Understand how to identify the current user of an Oracle database
- Understand how to identify other users or schemas in an Oracle database
- Understand how to identify the tables within a schema in an Oracle database
- Understand how to identify the column names and data types in a table in an Oracle database
Introduction to SQL Injection
- Understand the concept of SQL injection
- Understand how the OR operator can modify the results of a SQL query
- Understand how to test web applications to identify SQL injection vulnerabilities
- Understand the basics of where injections points may occur in SQL queries
- How to use fuzzing tools to identify SQL injection vulnerabilities
- Understand how to build and use Error-based payloads
- Understand how to build and use Union-based payloads
- Understand how to use Stacked Queries
- Understand how to use SQL injection to read and write filesinjection vulnerabilities
- Understand the basics of remote code execution in Microsoft SQL Server
- Understand how to use sqlmap to identify SQL injection vulnerabilities
- Understand how to use sqlmap to obtain a basic OS shell
- Understand how to use sqlmap to create a web shell
- Discover the parameter vulnerable to SQL injection
- Craft an error-based payload to extract information from the database
Directory Traversal Overview
- Understand and work with the results of a vulnerability scan with Nessus
- Provide credentials to perform an authenticated vulnerability scan
- Gain a basic understanding of Nessus Plugins
- Understand the basics of the Nmap Scripting Engine NSE
- Perform a lightweight Vulnerability Scan with Nmap
- Work with custom NSE scripts
- Understand what a Traversal String is
- Understand basics of Relative Pathing
- Understand basics of Absolute Pathing
- Understand what a Directory Listing is
- Understand how to analyze a web application's parameter for directory listing
- Understand what successful exploitation of directory listings looks like
- Understand how to successfully exploit Directory Traversal
- Understand how to implement Wordlists/Payload Lists
- Understand how to fuzz a potentially vulnerable parameter with Wfuzz
- Understand how our case study of Home Assistant would initially be assessed
- Understand how to exploit this real-world case study
- Understand how to find and discover the documentation for a web application
Introduction to XML
- Understand the basic syntax of XML
- Understand the basic concepts of XML Entities
- Understand the basic concepts of XML External Entity injection
- Understand how to test for XXE injection vulnerabilitie
Enquire
Start date | Location / delivery | |
---|---|---|
18 Nov 2024 | QA London International House Centre E1W, 1st Floor, International House, E1W 1UN | Book now |
01132207150
01132207150