OSWA Review

Back in December 2022, OffSec was offering $500 off of their LearnOne Subscription. If you're not familiar with OffSec's LearnOne Subscription, it's a subscription that gives you access to one course of your choice for a year, along with the associated certification exam attempt.

I had been eyeing their Offensive Security Web Assessor (OSWA) course for a while, so I decided to take advantage of the discount. The OSWA is focused on web application security and covers topics like authentication, authorization, input validation, and more.

Course Structure

The course is structured around a series of modules, each covering a different aspect of web application security. Each module includes theory, practical exercises, and challenges that help reinforce the concepts being taught.

One thing I appreciated about the course was the hands-on nature of the material. Rather than just reading about vulnerabilities, you're actively exploiting them in the provided lab environment. This really helps cement the concepts and gives you practical experience that you can apply in real-world scenarios.

Exam Experience

The exam is a 24-hour practical assessment where you're given access to a number of vulnerable web applications. Your task is to identify and exploit the vulnerabilities to gain specific pieces of information (flags).

I found the exam to be challenging but fair. It tests not just your technical skills, but also your methodology and approach to web application testing. Time management is crucial, as is maintaining good notes throughout the process.

Preparation Tips

• Complete all the exercises and challenges in the course material
• Practice, practice, practice - set up your own vulnerable applications to test
• Join communities like the OffSec Discord to discuss concepts with others
• Take detailed notes during your studies that you can reference during the exam
• Get comfortable with your testing methodology and tools before the exam

Conclusion

Overall, I found the OSWA course and certification to be valuable additions to my security knowledge. The material is well-structured, the labs are excellent, and the exam is a fair test of your abilities.

If you're interested in web application security, I'd definitely recommend considering the OSWA. The skills you'll learn are directly applicable to real-world security testing scenarios.