SINCON 2024 — WEB-200 LIVE Training: Foundational Web Application Assessments with Kali Linux by OffSec

Learn the foundations of web application assessments with Foundational Web Application Assessments with Kali Linux (WEB-200). Learners who complete the course and pass the exam will earn the OffSec Web Assessor (OSWA) certification and will demonstrate their ability to leverage web exploitation techniques on modern applications. This course teaches learners how to discover and exploit common web vulnerabilities and how to exfiltrate sensitive data from target web applications. Learners that complete the course will obtain a wide variety of skill sets and competencies for web app assessments.

TRAINING PRICE

• Super Early Bird: $6,500 USD (Sign up by 30 September 2023)
• Early Bird: $7,000 USD (Sign up by 16 February 2024)
• Standard: $8,100 USD (Sign up by 05 May 2024)
• Late: $9,800 USD

BENEFITS

Learners will learn how to:

• Enumerate web applications and four common database management systems
• Manually discover and exploit common web application vulnerabilities
• Go beyond alert() and actually exploit other users with cross-site scripting
• Exploit six different templating engines, often leading to RCE

WHO IS THIS COURSE FOR?

• Job roles like: Web Penetration Testers, Pentesters, Web Application Developers, Application Security Analysts, Application Security Architects, and SOC Analysts and other blue team members
• Anyone interested in expanding their understanding of Web Application Attacks, and/or Infra Pentesters looking to broaden their skill sets and Web App expertise

PREREQUISITES

• Web application basics
• Linux basics
• Networking basics

SYLLABUS

The course covers the following topics.

• Tools for the Web Assessor
• Cross-Site Scripting (XSS) Introduction, Discovery, Exploitation and Case Study
• Cross-Site Request Forgery (CSRF)
• Exploiting CORS Misconfigurations
• Database Enumeration
• SQL Injection (SQLi)
• Directory Traversal
• XML External Entity (XXE) Processing
• Server-Side Template Injection (SSTI)
• Server-Side Request Forgery (SSRF)
• Command Injection
• Insecure Direct Object Referencing
• Assembling the Pieces: Web Application Assessment Breakdown

View the full syllabus.

WHAT COMPETENCIES WILL YOU GAIN?

• Learners will obtain a wide variety of skill sets and competencies for Web App Assessments
• Learners will learn foundational Black Box enumeration and exploitation techniques
• Learners will leverage modern web exploitation techniques on modern applications

SUPPORTING YOUR JOURNEY

• Over 7 hours of video
• 492-page PDF course guide
• Active learner forums
• Private lab environment
• FREE 90 DAYS LAB ACCESS ONLINE COURSE + 1 CERT EXAM ATTEMPT
• FREE 6-MONTHS ALL ACCESS LEARN UNLIMITED SUBSCRIPTION (worth ~$3,000 USD)
• Complimentary OffSec Merchandise (View here)

TRAINER PROFILE 

Jon Michael Mancao

Jon started as a Software Engineer before entering the information security field. He loved investigating how things work and eventually dabbled in the inner workings of Operating Systems and Computer Architecture. There he discovered buffer overflows and started aiming for OSCP. He joined OffSec as a Student Mentor, where his experience in assisting and mentoring students was beneficial to his role as an OffSec Academy instructor.