Read on Twitter
#OSWE tip 1
If you are spending a money opting a certification it is to learn new things out of it, OSWE was focused on Web app Source Code Review, I learned all the additional required things and registered for it when I didn't knew about Code Review
If you are spending a money opting a certification it is to learn new things out of it, OSWE was focused on Web app Source Code Review, I learned all the additional required things and registered for it when I didn't knew about Code Review
#OSWE tip 2
The certification is not a entry level cert but a advanced level, so it is expected from you that you are already having a experience in Pentesting, completing OSCP can be one of them, other than this Pentesterlab, or a hands-on experience of webapp testing
The certification is not a entry level cert but a advanced level, so it is expected from you that you are already having a experience in Pentesting, completing OSCP can be one of them, other than this Pentesterlab, or a hands-on experience of webapp testing
#OSWE tip 3
Your need to be familiar with atleast one of the programming language, in which you can automate whole exploitation and other small things during lab time, i used python, but there is no limitation from offsec side
What is your choice
Your need to be familiar with atleast one of the programming language, in which you can automate whole exploitation and other small things during lab time, i used python, but there is no limitation from offsec side
What is your choice
#OSWE tip 4
The course it focused on code review but for that you will need to be familiar with basics of programming so that you can understand the code and can follow the codeflow, it is not require that you have to be able to write your own code
The course it focused on code review but for that you will need to be familiar with basics of programming so that you can understand the code and can follow the codeflow, it is not require that you have to be able to write your own code
#OSWE tip 5
Other than programming languages, you will need to be familiar with the concepts of SQL and SQL queries, understanding how the queries work in each sql and basic concepts, writing your own queries to perform simple operations
Other than programming languages, you will need to be familiar with the concepts of SQL and SQL queries, understanding how the queries work in each sql and basic concepts, writing your own queries to perform simple operations
#OSWE tip 6
In addition to the above you should also be familiar with implementation of SQL with programming languages and how many methods are there to implement SQL operations in particular technology. There can be more than 1-2 for sure
In addition to the above you should also be familiar with implementation of SQL with programming languages and how many methods are there to implement SQL operations in particular technology. There can be more than 1-2 for sure
#OSWE tip 7
As from the publicly available index of course content the course includes following technologies
1. PHP
2. Java
3. Node.js & Javascript
4. C#
5. Python
And SQL
1. MySQL/MariaDB
2. PostreSQL
You should be familiar with basic concepts
As from the publicly available index of course content the course includes following technologies
1. PHP
2. Java
3. Node.js & Javascript
4. C#
5. Python
And SQL
1. MySQL/MariaDB
2. PostreSQL
You should be familiar with basic concepts
#OSWE tip 8
As I said earlier to be familiar with Pentesting, below are some vulnerabilities listed you should read about
1. SQL Injection
2. File Upload(bypass)
3. LFI/RFI/Directory Traversal
4. XSS/CSRF
5. SSTI/XXE
I would not say in depth, but knowing basics will save time
As I said earlier to be familiar with Pentesting, below are some vulnerabilities listed you should read about
1. SQL Injection
2. File Upload(bypass)
3. LFI/RFI/Directory Traversal
4. XSS/CSRF
5. SSTI/XXE
I would not say in depth, but knowing basics will save time
#OSWE tip 9
For the above mentioned vulnerabilities you can read @Hacker0x01 publicly available reports @PentesterLand also contains a list of very good categorized writeups. Practice on @PentesterLab
For the above mentioned vulnerabilities you can read @Hacker0x01 publicly available reports @PentesterLand also contains a list of very good categorized writeups. Practice on @PentesterLab
#OSWE tip 10
Now about the lab, as of my experience I think a 2 month lab is good choice to go and learn in depth, there are many things to learn and in lack of time you will miss many things as I did
Now about the lab, as of my experience I think a 2 month lab is good choice to go and learn in depth, there are many things to learn and in lack of time you will miss many things as I did
#OSWE tip 11
You should go through all the content both in PDF & Video, there may be some cases where you can find something in pdf which is not in videos or Vice-versa, at the same time try to follow it in the respective lab machine
You should go through all the content both in PDF & Video, there may be some cases where you can find something in pdf which is not in videos or Vice-versa, at the same time try to follow it in the respective lab machine
#OSWE tip 12
After replication and understanding the explained analysis and exploitation procedure, the next step is Exercises, this will be objectives related to explanation like automation of that or finding something similar, easy objectives if you understood the vulnerability
After replication and understanding the explained analysis and exploitation procedure, the next step is Exercises, this will be objectives related to explanation like automation of that or finding something similar, easy objectives if you understood the vulnerability
#OSWE tip 13
Extra Miles, this is where the things start getting complicated, this are objectives which may or may not be related to the explained vulnerability. This can be (easy, medium, hard, WTF)
Extra Miles, this is where the things start getting complicated, this are objectives which may or may not be related to the explained vulnerability. This can be (easy, medium, hard, WTF)
#OSWE tip 14
I would recommend everyone to complete Extra Miles as it will give you a brief about the Exam. This is like going above and beyond, there are some extra miles which may take a week also but believe me it's worth it
I would recommend everyone to complete Extra Miles as it will give you a brief about the Exam. This is like going above and beyond, there are some extra miles which may take a week also but believe me it's worth it
#OSWE tip 15
After completing extra miles you will be familiar with the application, so I will recommend that you should review the application and try to find more similar vulnerabilities, most of the lab machines are having more than 2 vulnerabilities not mentioned in course
After completing extra miles you will be familiar with the application, so I will recommend that you should review the application and try to find more similar vulnerabilities, most of the lab machines are having more than 2 vulnerabilities not mentioned in course
#OSWE tip 16
After lab take some time go through open source applications and review the source code try to find some vulnerabilities in real life, doind that will improve the skills and also will give a confidence boost up
After lab take some time go through open source applications and review the source code try to find some vulnerabilities in real life, doind that will improve the skills and also will give a confidence boost up
#OSWE tip 17
Now for exam, the main thing is to take proper rest, stay hydrated and don't be in hurry, take power napsin between wheneveryou fill, also ensure a proper internet connection as you will have to work mostly with RDP
Now for exam, the main thing is to take proper rest, stay hydrated and don't be in hurry, take power napsin between wheneveryou fill, also ensure a proper internet connection as you will have to work mostly with RDP
#OSWE tip 18
As @offsectraining said it is marathon not sprint. So start easy try to understand application and code do proper analysis, debug it, if you think you got something try hit->debug continously until it's exploited
As @offsectraining said it is marathon not sprint. So start easy try to understand application and code do proper analysis, debug it, if you think you got something try hit->debug continously until it's exploited
#OSWE tip 19
Try until all pieces come together, there will be a time when you will start putting all pieces in place and you will be happy to see that all the hardwork and efforts you have put are worth it. Most importantly believe in yourself
Try until all pieces come together, there will be a time when you will start putting all pieces in place and you will be happy to see that all the hardwork and efforts you have put are worth it. Most importantly believe in yourself
#OSWE tip 20
So it is all the information that I can share for now, further more I will be writing a blog soon on my experience and all the resources that I can share. I will check with @offsectraining before publishing blog so that it does not impact any policies
So it is all the information that I can share for now, further more I will be writing a blog soon on my experience and all the resources that I can share. I will check with @offsectraining before publishing blog so that it does not impact any policies
