
Advanced Web Attacks and Exploitation


1 Introduction
Modern web applications present an attack surface that has unquestionably continued to grow in
importance over the last decade. With the security improvements in network edge devices and
the reduction of successful attacks against them, web applications, along with social engineering,
arguably represent the most viable way of breaching the network security perimeter.
The desire to provide end-users with an ever-increasingly rich web experience has resulted in the
birth of various technologies and development frameworks that are often layered on top of each
other. Although these designs achieve their functional goals, they also introduce complexities into
web applications that can lead to vulnerabilities with high impact.
In this course, we will focus on the exploitation of chained web application vulnerabilities of
various classes, which lead to a compromise of the underlying host operating system. As a part
of the exploit development process, we will also dig deep into the methodologies and techniques
used to analyze the target web applications. This will give us a complete understanding of the
underlying flaws that we are going to exploit.
Ultimately, the goal of this course is to expose you to a general and repeatable approach to web
application vulnerability discovery and exploitation, while continuing to strengthen the
foundational knowledge that is necessary when faced with modern-day web applications.

1.1 About the AWAE Course


This course is designed to develop, or expand, your exploitation skills in web application
penetration testing and exploitation research. This is not an entry-level course; it is expected that
you are familiar with basic web technologies and scripting languages. We will dive into, read,
understand, and write code in several languages, including but not limited to JavaScript, PHP,
Java, and C#.
Web services have become more resilient and harder to exploit. In order to penetrate today’s
modern networks, a new approach is required to gain that initial critical foothold into a network.
Penetration testers must be fluent in the art of exploitation when using web-based attacks. This
intensive hands-on course will take your skills beyond run-of-the-mill SQL injection and file
inclusion attacks and introduce you to a world of multi-step, non-trivial web attacks.
This web application security training will broaden your knowledge of web service architecture in
order to help you identify and exploit a variety of vulnerability classes that can be found on the
web today.
The AWAE course is made up of multiple parts. A brief overview of what you should now have
access to is below:

WEB-300 Copyright © 2022 Hide01.ir Free Learning. All rights reserved. 10



• The AWAE course materials
• Access to the AWAE VPN lab network
• Student forum credentials
• Live support
• OSWE exam attempt/s
AWAE course materials: comprised of various book modules and the accompanying course
videos. The information covered in both the book modules and videos overlaps, which allows you
to watch what is being presented in the videos in a quick and efficient manner, and then reference
the book modules to fill in the gaps at a later time.
In some modules, the book modules will go into more depth than the videos, but the videos are
also able to convey some information better than text, so it is important that you pay
close attention to both. The book modules also contain exercises for each chapter, as well as
extra miles for those students who would like to go above and beyond what is required in order to
get the most out of the course.
Access to the AWAE VPN lab network: Once you have signed up for the course, you will be able to
download the VPN pack required to access the lab network via the course lab page in the Offsec
Training Library. This will enable you to access the AWAE VPN lab network, where you
will be spending a considerable amount of time. Lab time starts when your course begins, and is
in the form of continuous access.
If your lab time expires, or is about to expire, you can purchase a lab extension at any time. To
purchase additional lab time, use the “Extend” link available at the top right corner of the
Offsec Training Library. If you purchase a lab extension while your lab access is still active,
you can continue to use the same VPN connectivity pack. If you purchase a lab extension
after your existing lab access has ended, you will need to download a new VPN connectivity pack
via the course lab page in the Offsec Training Library.
Students who have purchased a subscription will have access to the lab as long as the
subscription is active. Your subscription will be automatically renewed, unless cancelled via the
billing page.
The Offensive Security Student Forum:1 The student forum is only accessible to Offensive Security
students. Forum access is permanent and does not expire when your lab time ends. You may
even continue to interact with your peers long after having passed the OSWE exam.
By using the forum, you are able to freely communicate with your peers to ask questions, share
interesting resources, and offer tips and nudges as long as there are no spoilers (due to the fact
they may ruin the overall course experience for others). Please be very mindful when using the
forums, otherwise the content you post may be moderated. Once you have successfully passed
the OSWE exam, you will gain access to the sub-forum for certificate holders.
Live Support:2 The support system allows you to directly communicate with our student
administrators, who are members of the Offensive Security staff. Student administrators
will primarily assist with technical issues; however, they may also clear up any doubts you may have
regarding the course material or the corresponding course exercises. Moreover, they may
occasionally provide you with a nudge or two if you happen to be truly stuck on a given exercise,
provided you have already given it your best try. The more detail you provide in terms of things
you have already tried and the outcome, the better.

1 (Offensive Security, 2021), https://forums.offensive-security.com/

1.1.2 OSWE Exam Attempt


Included with your initial purchase of the WEB-300 course is an attempt at the Offensive Security
Web Expert (OSWE) certification.
To book your OSWE exam, go to your exam scheduling calendar. The calendar can be located in
the OffSec Training Library under the course exam page. Here you will be able to see your exam
expiry date, as well as schedule the exam for your preferred date and time.
Keep in mind that you won’t be able to select a start time if the exam labs are full for that time
period so we encourage you to schedule your exam as soon as possible.
For additional information, please visit our support page.3

1.2 Our Approach


Students who have taken our introductory PWK course will find this course to be significantly
different. The AWAE labs are less diverse and contain a few test case scenarios that the course
focuses on. Moreover, a set of dedicated virtual machines hosting these scenarios will be
available to each AWAE student to experiment with the course material. On a few occasions,
explanations are intentionally vague in order to challenge you and ensure the concept behind the
module is clear to you.
How you approach the AWAE course is up to you. Due to the uniqueness of each student, it is not
practical for us to tell you how you should approach it, but if you don’t have a preferred learning
style, we suggest you:
1. Read the emails that were sent to you as part of the signup process
2. Start each module by reading the book module and getting a general familiarity with it
3. Once you have finished reading the book module, proceed by watching the accompanying
video for that module
4. Gain an understanding of what you are required to do and attempt to recreate the exercise in
the lab
5. Perform the Extra Mile exercises. These are not covered in the labs and are up to you to
complete on your own
6. Document your findings in your preferred documentation environment
You may opt to start with the course videos, and then review the information for that given book
module, or vice versa. As you go through the course material, you may need to re-watch or
re-read modules a number of times prior to fully understanding what is being taught. Remember, it
is a marathon, not a sprint, so take all the time you need.

2 (Offensive Security, 2021), https://help.offensive-security.com/
3 (Offensive Security, 2021), https://help.offensive-security.com/

As part of most course modules, there will be course exercises for you to complete. We
recommend that you fully complete them prior to moving on to the next module. These will test
your understanding of the material to ensure you are ready to move forward and will help you
prepare for the OSWE exam. The Extra Mile exercises are optional, but we encourage students
to “play” with them, especially if they have the intention of attempting the certification challenge.
The time it takes to complete these exercises depends on your background.
Note that IPs and certain code snippets shown in the book module and videos will not match your
environment. We strongly recommend you try to recreate all example scenarios from scratch,
rather than copying code from the book modules or videos. In all modules we will challenge you
to think in different ways, and rise to the challenges presented.
In addition to the course modules, the lab also contains three standalone lab machines running
custom web applications. These applications contain multiple vulnerabilities based on the
material covered in the course modules. You will need to apply the lessons learned in this course
to tackle these additional machines on your own.
A heavy focus of the course is on whitebox application security research, so that you can create
exploits for vulnerabilities in widely deployed appliances and technologies. Eventually, each
security professional develops his or her own methodology, usually based on specific technical
strengths. The methodologies suggested in this course are only suggestions. We encourage you
to develop your own methodology for approaching web application security testing as you
progress through the course.

1.3 Obtaining Support


AWAE is a self-paced online course. It allows you to go at your own desired speed, perform
additional research in areas you may be weak in, and so forth. Take advantage of this type of
setting to get the most out of the course; there is no greater feeling than figuring something out
on your own.
Prior to contacting us for support, we expect that you have not only gone over the course material
but also have taken it upon yourself to dig deeper into the subject area by performing additional
research. Our Help Centre may help answer some of your questions prior to contacting support
(the link is accessible without the VPN):
• https://help.offensive-security.com/
If your questions have not been covered there, we recommend that you check the student forum,
which also can be accessed outside of the internal VPN lab network. Ultimately, if you are unable
to obtain the assistance you need, you can get in touch with our student administrators by visiting
Live Support or sending an email to help@offensive-security.com.
