My Offensive Security OSWA certification experience and my personal opinion on what helps in preparing for the exam. Think I missed something or have a question? Just reach out by creating an issue or sending me a message on Twitter.
The Offensive Security Web Assessor is the certification based on the WEB-200 course. The goal of the WEB-200 course is to enable participants to perform black-box web application penetration tests. Therefore, the course covers every relevant topic a pentester needs for this kind of penetration test. For a more detailed view of the content, see the following resources:
- https://www.offensive-security.com/web200-oswa/
- https://www.offensive-security.com/documentation/WEB-200-Syllabus.pdf
If you already took the OSCP certification from Offensive Security, the exam details will probably sound very familiar. The following points are some basic facts about the exam:
- 24 hours happy hacking
- 24 hours after the hacking part has finished you need to have uploaded your pentest report
- 5 machines to pwn
- every machine has a local.txt and a proof.txt
- a total of 100 points can be achieved
- you need 70 points and a valid pentest report to pass the exam
If you want to know more details, feel free to visit the official exam guide: https://help.offensive-security.com/hc/en-us/articles/4410105650964
I would consider myself a pentester with a decent level of experience. But I have to admit that the time frame of this certification makes it anything but a walk in the park, even for more experienced pentesters. So, for me the keys to passing the exam were the following:
- go completely through the course material (even if you think you already know everything... there might be tips and tricks you did not know)
- clear all exercises
- clear all challenge labs
- watch all videos (repetition is the key to learning things)
- make a write-up of the course where you write down commands in a copy/paste style, so you can recycle them during your exam (I did this several times)
- if you have a subscription, I would highly recommend doing the Proving Grounds boxes provided by Offensive Security to gain speed in solving boxes
- speed, speed, speed... you need speed in clearing web-application-based CTF boxes to be fast enough to clear the exam boxes in the given time (basically you have about 3 to 3.5 hours per box if you want to get at least some sleep during the exam)
- parallelize tasks (e.g. while some kind of directory busting is running, manually look at the target website for the juicy spots)
- be disciplined: if you realize you are totally stuck, switch the target and come back later
- take screenshots of every part of your exploitation steps at the moment you successfully exploit the target (you will need them during the reporting part)
It is difficult to recommend specific Proving Grounds boxes to prepare for the exam, as everyone is different. However, here are some boxes I would recommend solving to get some practice.
- FunBoxEasyEnum
- Inclusiveness
- Potato
- Shakabra
- Sumo
- Hawat
- Interface
Even though Hack The Box (HTB) machines require privilege escalation, which is out of scope for the OSWA, I would also recommend some of their boxes for exam preparation.
If you want to have a look at write-ups that a friend of mine and I made together, have a look at our blog