OSWE opinions

Now that OSWE has been released as an online course like OSCP and the rest, it's making me ponder whether to for it before OSCP. I was curious if anyone here took it and can share some thoughts in terms of its difficulty and prerequisites. I'm currently dealing on the appsec side, so the web course seems just the right move for the present situation. I plan to prepare by subscribing to PentesterLab first.
I've got to finish a couple other certs that I've been working on before starting either way, but I'm really hyped about it! Happy to hear some more thoughts on this.
I've got to finish a couple other certs that I've been working on before starting either way, but I'm really hyped about it! Happy to hear some more thoughts on this.
Comments
l got access to the course content a couple weeks back and watched the videos content for it within a couple days. l'm personally very impressed by the content. l managed to land the eWPT back in 2014, and even if l'm rusty now days - l was still blown away by what they show off in AWAE. l even have access to the eWPTX material and it blows it out of the water.
The course shows off how powerful scripting is when pulling off these attacks. lt's all way more than just knowing how to use Burp Suite in the course. The scripts and payloads these guys come up with accomplishing these attacks will leave you going back and re-watching the video content again and again. l need to go back a second time and easily a 3rd time through to wrap my head around it. 30 days in my opinion is do-able lab time wise. l opted in for 30 but being 2 weeks in and having only connected to the Labs once because l've been busy means l'm just going to need to buy more time.
They're not playing around with their pre-requisites to the course. A developer background will help you out. You're taken through various platform scenarios (Java,Javascript (Node), C#, PHP, etc) (see their syllabus) and most of the course material approaches attacking it from a White Box perspective. lt's really amazing seeing these guys being able to sift through and examine source code, explain how it's vulnerable and flat out demonstrate exploitation of it in front of your eyes. They take it way beyond popping up cute xss alert boxes and combine/chain multiple attack vectors to gain remote code execution.
I work as a Senior Software Engineer and l was left with goosebumps seeing them show other people's source code and being able to point out, "Well they did a good job here at sanitization - but we're just going to take advantage of where it was overlooked in this place." Glad they got this one online - but l'm honestly a little in fear of what the exam is going to entail.
2023 Cert Goals: SC-100, eCPTX
Goals for 2019 : OSEE
Goals for 2020 : OSWE
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?