OSWA
OffSec

Offensive Security Web Assessor

Intermediate | Practical web assessment exam + report | Pass: Objective/report-based; exact threshold may vary … | $1,499

OSWA is a practical web-assessment certification focused on finding and exploiting web vulnerabilities in realistic environments. For 2026 readiness, focus on API-first testing, auth logic flaws, and report clarity.

Official Page
Issuer: OffSec
Format: Practical web assessment exam + report
Duration: 48h exam window + report window (indicative)
Pass Score: Objective/report-based; exact threshold may vary …
Valid For: 3y

Recommended Tools
Burp Suite Essential
Proxy

Intercept, modify, and automate web testing workflows.

usage: burpsuite

ffuf Essential
Web Fuzzing

Directory, parameter and virtual host fuzzing.

install: sudo apt install -y ffuf
usage: ffuf -u https://target/FUZZ -w wordlist.txt

SecLists Essential
Wordlists

Payloads/wordlists for discovery and exploitation.

install: sudo apt install -y seclists
usage: ls /usr/share/seclists

CherryTree/Obsidian Essential
Workflow

Structured notes for report-grade evidence capture.

usage: Use for methodology + proof tracking

Nuclei
Automation

Template-based vulnerability checks for breadth.

install: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
usage: nuclei -u https://target

feroxbuster
Content Discovery

Recursive web content discovery.

install: cargo install feroxbuster
usage: feroxbuster -u https://target

sqlmap
Injection Testing

Automated SQL injection testing and validation.

install: sudo apt install -y sqlmap
usage: sqlmap -u "https://target/item?id=1" --batch