Offensive Security: Advanced Web Attacks and Exploitation New content for 2020 - get 50% more

chrisone

Looks like the AWAE course has been updated this year with %50 more content. Same pricing.

WHAT’S NEW IN AWAE FOR 2020?

New

Material
- XML external entity injection
- Weak random token generation
- DOM XSS
- Server side template injection
- Command injection via websockets (black box material)
Labs: Three new private exercise machines with custom web apps
Updated control panel

In AWAE, students will learn how to:

Perform a deep analysis on decompiled web app source code
Identify logical vulnerabilities that many enterprise scanners are unable to detect
Combine logical vulnerabilities to create a proof of concept on a web app
Exploit vulnerabilities by chaining them into complex attacks

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

yoba222

"...48 hour exam ... "

Did it used to be 48 hours?

LonerVamp

Nice, continuing to tempt me to commit to it.

charliemike

Anyone currently doing this course or did the old one? I'm looking at taking this one in the coming months (possibly next month) and I am trying to decide how to prepare for it. Is 30 days enough for lab time? I heard previously that 30 days was plenty of time for the AWAE and CTP labs.

chrisone

If you already have a few years experience of web app pentesting, then I could see 30 days being doable.

With the little experience I have with this path, I spent a month studying wetw0rk study guide to prep for the AWAE course. I was only able to touch 25% of the prep work "experience" one should have before attempting AWAE. I had a hard time understanding that little 25% within the month. I felt I needed a good 3-4 months of this prep work before attempting the AWAE course which I heard is dry and a lot of code review. Without prior experience I would find it hard for anyone to pass this cert within 30 days.

Not an authoritative statement, just my little experience and what I have read from other people experience.

charliemike

So you recommend 60 days for AWAE or the full 90? How many lab machines are there in the lab? I heard it was maybe like 7 or something. I also heard this course was more white box source code review like you said, less black box break into a computer kind of stuff like we saw with OSCP.

chrisone

I would be honest in telling you don't take my advice as truth. I do not know anything about the course or the exam. I was just stating a lot of people look for some sort of preparation before going into AWAE because it is really really hard. If you are experienced in web app pentesting then do the 30 days. Only you can really answer that question.

If it were me, I would need

3-4 months doing the AWAE prep from wetw0rks.
Possibly another added 2 months doing Burp Suite free online courses and triple-reading "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition."
I would also consider another month of webapp pentesting vms or online pentesting challenges (pentesterlabs, pentester academy active defense labs, other materials I am sure are out there) for hands-on.
Then I would get the 60 day lab minimum or 90 day if I could afford it.

It is an expert level course, walking into it without any web app experience would be a very rough challenge. Especially 30 days only. With minimum web app pentesting experience I would recommend you expect to spend 6 months minimum on this journey.

In any case, do what you feel is right based on your experience.