OSWA
OffSec

Offensive Security Web Assessor

Intermediate 48hr practical + report Pass: 100+ points $1,499

Web application penetration testing — SQL injection, XSS, SSRF, deserialization.

Official Page
IssuerOffSec
Format48hr practical + report
Duration72 hours total
Pass Score100+ points
Valid For3y
Overview Syllabus (7) Tools (7) Cheat Sheets (1) Labs (1)
Syllabus Overview

7 exam domains — click "Syllabus" tab for full breakdown

Web Application Reconnaissance 15%
Cross-Site Scripting (XSS) 15%
SQL Injection 20%
Authentication & Session Attacks 15%
File Inclusion & Path Traversal 10%
File Upload Vulnerabilities 10%
XXE & SSRF 15%
More from OffSec
OSCP
Offensive Security Certified Professional
Advanced
 OSEP
Offensive Security Experienced Pentester
Expert
 OSED
Offensive Security Exploit Developer
Expert
 OSWE
Offensive Security Web Expert
Expert
 OSMR
Offensive Security macOS Researcher
Expert