OffSec Web Assessor (OSWA)

Xudong Wu

OffSec Web Assessors (OSWAs) have demonstrated the ability to assess web applications, discover web application vulnerabilities, and exploit vulnerabilities to exfiltrate sensitive data, compromise user accounts, and obtain remote code execution. OSWAs can: * Perform black box assessments of web applications * Discover common web application vulnerabilities * Exploit web application vulnerabilities using manual and automated techniques They are able to assist web development teams in securing web app by proactively discovering vulnerabilities.

Skills / Knowledge

Cross-site scripting
SQL Injection
Cross-site Request Forgery
Weak CORS Policies
Directory Traversal
XML External Entity
Server-side Template Injection
Command Injection
Server-side Request Forgery
Insecure Direct Object References

Issued on

April 4, 2023

Expires on

Does not expire

Earning Criteria

Required

course

WEB-200: Foundational Web Application Assessments with Kali Linux