This course provides a comprehensive overview of web application vulnerabilities and how to exploit them using tools available in Kali Linux.
The objective of this course is to teach the basic concepts required to get started in the fields of information security, penetration testing or application security. Web applications often represent the largest attack surface for an organization – anyone with a browser and internet access can discover and interact with a publicly accessible web application. By learning the skills and techniques taught in this course, you will be able to identify and exploit vulnerabilities in web applications.
WEB-200 covers topics and examples on many web application skills, including:
- Exploiting various types of cross-site scripting (XSS) vulnerabilities using our Kali Linux environment
- Implementation of web applications Reconnaissance, enumeration of web applications and procurement or generation of word lists
- Use of fuzzing tools for SQL injection vulnerabilities and sqlmap for automated website crawls, but also when a manual approach is preferred
- Mastering the Burp Suite tools: Repeater, Comparer, Intruder, and Decoder to become an effective web assessor
- Understanding the impact of Server-Side Request Forgery (SSRF), including the genesis of the vulnerability and its interaction with the vulnerable server, using a case study of two SSRF vulnerabilities found in a real-world application.
WEB-200: From the basics to OSWA certification
WEB-200 is divided into 16 modules, each containing detailed explanations, specific case studies, and practical exercises to emphasize the discovery, testing, and exploitation of these vulnerabilities, thus improving offensive security capabilities. After completing the modules, learners can test their knowledge in one of 9 challenge labs. Once prepared, learners can take the OffSec Web Assessor (OSWA) certification and earn the right to claim this achievement to employers.
WEB-200 is designed for learners who want to acquire fundamental skills in professional web application assessment. The course material helps to understand the attacks and techniques used by malicious actors against web applications. Please note that basic knowledge of Linux, networking, and scripting is very helpful for this course.