Offensive Security Web Assessor (OSWA)

Published by Matheus Boschetti on

As an Offensive Security 200 level course, OSWA can be easily compared to OSCP at a certain level, where you’ll have 5 Web applications as targets with the objective of collecting local.txt and proof.txt flags to score points. Every flag equates to 10 points each, and you will need 70 points to be approved.

As per OffSec’s definition:

The exam consists of 5 independent targets and each target will contain local.txt and proof.txt files.

Students will learn how to:

  • Enumerate web applications and four common database management systems
  • Manually discover and exploit common web application vulnerabilities
  • Go beyond alert() and actually exploit other users with cross-site scripting
  • Exploit six different templating engines, often leading to RCE


Background and Preparation

I’ve been working with pentesting for a while now, and assessing webapps is something I do on an almost daily basis. My preparation consisted of doing the 6 lab machines available, plus a few more on Proving Grounds as per Discord folks’ recommendation.


Exam Experience

I really did underestimate the exam thinking it would be easy and simple, but as typical OffSec fashion it was quite the opposite!

My exam was scheduled to start at 9am on January 21st. I started the exam in a very slow pace, reaching only 10 points after around 6 hours. The exam machines were, in my opinion, very different from the lab ones. I would also rate them as harder in difficulty.

Overall I didn’t find the scenarios very realistic, it’s far from what I usually do on my daily job, in some way it reminded me of my eWPT experience.The applications were also more unstable compared to my OSCP experience, I had to revert the machines a few times and some functionalities would vary in their behavior.

There were, however, a few interesting spins for both the labs and the exam machines that made me satisfied with the overall experience. It’s also a good thing to get out of the “usual stuff” by doing such exams and challenges.


Final Thoughts

To be honest I really just took the exam to have another OffSec cert under my name, as I was already familiar with the topics covered by the training.

I think the only downside to this is that there are only 6 lab machines available as of now, which can be an even bigger downside if you actually intend to learn and practice.

With all the Web stuff available out there for free, I’m really not sure if it’s worth paying for the course depending on the price, which at the time (December 2022) was $1999 for the LearnOne subscription.

Categories: Certification Review
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Certification Review

Offensive Security Web Expert (OSWE)

Advanced Web Attacks and exploitation (WEB-300) is an advanced web application security course that teaches the skills needed to conduct white box web app penetration tests. Learners who complete the course and pass the exam Read more…

Certification Review

Offensive Security Wireless Professional (OSWP)

Wireless Attacks (PEN-210) introduces learners to the skills needed to audit and secure wireless devices and is a foundational course alongside PEN-200 and benefits those who would like to gain more skills in network security. Read more…

Certification Review

eLearnSecurity Mobile Application Penetration Tester (eMAPT)

As mobile apps are a very common scope between the projects I currently take, I realized it would be a good idea to get certified on the topic. eMAPT is the only mobile certification besides Read more…