WEB-200: Web Attacks with Kali Linux
Explore the OffSec WEB-200: Web Attacks with Kali Linux Program
The essential web application security course, building your skills to identify, exploit, and defend against real-world web vulnerabilities.
Key features & benefits
50+ hands-on labs focused on real-world web application vulnerabilities and attacks
Comprehensive coverage of web exploitation techniques and defense strategies
Built on industry-standard tools like Burp Suite and Kali Linux
Develop practical, job-ready skills for web penetration testing and application security
Learn to identify, exploit, and mitigate common and advanced web threats
Gain a strong foundation for advanced courses like WEB-300 and OSWE certification
Trusted by leading companies and cybersecurity teams to train skilled professionals
A perfect starting point to launch or advance your career in web application security
Course outline
Module 01
Tools for the web assessor
Gain hands-on experience with industry-standard tools used by web application penetration testers
Module 02
Cross-site scripting (XSS) introduction, discovery, exploitation and case study
Learn how attackers inject malicious code into web pages to hijack user sessions, steal sensitive data, or deface websites
Module 03
Cross-site request forgery (CSRF)
Discover how attackers trick authenticated users in web applications and learn how you can identify and exploit CSRF vulnerabilities
Module 04
Exploiting CORS misconfigurations
Understand how to identify and fix CORS misconfigurations to keep your web applications safe.
Module 05
Database Enumeration
Discover the techniques that attackers use to steal sensitive information related to a web application's database structure and how to stop them.
Module 06
SQL injection (SQLi)
Exploit vulnerabilities in web applications through SQL injections and learn techniques to prevent and mitigate SQL injection attacks.
Module 07
Directory traversal
Learn how to identify and exploit directory traversal vulnerabilities and how you can prevent attackers from accessing restricted areas in your web servers.
Module 08
XML external entities
Learn how attackers manipulate XML processors to exploit input vulnerabilities, how to secure your XML parsers, and how to prevent XXE vulnerabilities in your web applications.
Module 09
Server-side template injections (SSTI)
Learn how to identify and exploit SSTI vulnerabilities and how you can protect your web applications from server-side template injections.
Module 10
Server-side request forgery (SSRF)
Understand different SSRF attack vectors and how to implement countermeasures against them.
Module 11
Command injection
Learn how attackers take advantage of command injection vulnerabilities and the potential impact on your system’s integrity. Practice identifying, exploiting, and mitigating command injection vulnerabilities.
- Perform footprinting on the target network using search engines, internet research services, and social networking sites
- Perform whois, DNS, network, and email footprinting on the target network
- Perform Footprinting using A
Key topics covered: Reconnaissance, Footprinting Using Advanced Google Hacking Techniques, Footprinting through People Search Services, Dark Web Footprinting, Competitive Intelligence Gathering, Footprinting through Social Networking Sites, Whois Lookup, DNS Footprinting, Traceroute Analysis, Email Footprinting, Footprinting through Social Engineering, AI-Powered OSINT Tools
Module 12
Insecure direct object referencing
Learn how to handle object references in a secure manner to prevent attackers from accessing private data or performing unauthorized actions.
Module 13
Assembling the pieces: web application assessment breakdown
Combine and expand different web application attack and assessment techniques you’ve learned throughout the course.
Ready to grow your cybersecurity team?
Training prerequisites
Core knowledge
Understanding of web technologies such as HTTP/HTTPS, HTML, CSS, and JavaScript. Familiarity with common web vulnerabilities like SQL injection, XSS, and authentication issues. Basic knowledge of networking concepts, including TCP/IP, DNS, and standard network services.
Technical skills
Comfortable working with Linux systems, including command-line navigation and basic scripting; managing file systems, permissions, and processes; and installing and configuring software packages.
Familiarity with Windows environments and basic system administration tasks.
Ability to use essential security and troubleshooting tools such as: curl, nmap, Burp Suite, netcat, ping, and traceroute.
Recommended experience
Confident using Linux or macOS (or Windows Subsystem for Linux).
Can install packages and use command-line tools.
Understands basic file systems, permissions, and user management.
Training & register details
TRAINING OVERVIEW
WEB-200: Web Attacks with Kali Linux
Build your team’s expertise in web application security with hands-on training through the industry-recognized WEB-200 course.

Duration: 231h of content

Format: Online

Level: Intermediate

Language: English

Exam: online
HOW TO REGISTER
1. Submit Your Application
Fill out a quick application to show your interest in the WEB-200: Web Attacks and Exploitation course.
2. Intro Call
We’ll schedule a short call to discuss your background, web security knowledge, and learning goals.
3. Confirm Your Spot
Once accepted, complete your enrollment and get all the details and prep materials to start your journey.
4. Start Learning
Access the WEB-200 learning platform, dive into hands-on labs, and begin building your web application security skills.
5. Join the Community
Connect with peers and mentors through exclusive chats, events, and networking opportunities to grow together.
Who is OSWA for?
Aspiring web security professionals
Kickstart your career in web application security with hands-on, real-world training. Build essential skills to identify and exploit vulnerabilities in modern web technologies.
Teams & enterprises
Strengthen your organization’s defenses by training your teams to think like attackers and secure web applications from evolving threats.
Government & Defense
Trusted by government agencies and defense sectors to develop specialists capable of protecting critical web-based systems and data.
Educators
Enhance your cybersecurity programs with practical, lab-driven content, helping students gain real-world experience in web application security.
FAQ
What is the WEB-200 course?
WEB-200: Web Attacks and Exploitation is a hands-on, practical course by OffSec designed to teach the fundamentals of web application security. It focuses on identifying, exploiting, and mitigating real-world web vulnerabilities, providing a strong foundation for advanced web security training such as WEB-300 and OSWE certification.
Who should take the WEB-200 course?
The course is ideal for:
- Aspiring web application penetration testers
- Security analysts and SOC team members
- Web developers looking to understand application vulnerabilities
- Cybersecurity students building their offensive security skills
- Teams and enterprises focused on securing web-based systems
What skills will I gain from WEB-200?
You will learn to:
- Identify and exploit common web vulnerabilities such as SQL injection, XSS, and authentication flaws
- Understand web technologies and protocols like HTTP, HTTPS, and JavaScript
- Use professional tools such as Burp Suite, curl, and nmap for web exploitation
- Apply secure coding practices to prevent vulnerabilities in development
- Build a foundation for advanced courses like WEB-300 and the OSWE exam
Does WEB-200 include a certification?
While WEB-200 itself is a training course, it prepares you for WEB-300: Advanced Web Attacks and Exploitation, which leads to the prestigious OSWE certification.
