A review of the OffSec Advanced Web Attacks and Exploitation (AWAE) course and OSWE certification, written by someone with a malware analysis background. Covers the course's white-box approach to web vulnerabilities, its difficulty relative to OSWA, and practical preparation tips including: building small web apps in PHP/Python/Java/C# to understand MVC patterns, writing exploit scripts from scratch, using PortSwigger Academy as a supplement, avoiding LLMs during practice to prepare for exam conditions, and organizing scripts with thorough documentation.
Table of contents
So why OSWE?
Background going in
The “rest of the owl” problem
Overall thoughts
Get Cyd Tseng’s stories in your inbox
Web Security Academy: Free Online Training from PortSwigger
Programming with Mosh
GitHub - snoopysecurity/OSWE-Prep: Useful tips and resources for preparing for the AWAE exam.
GitHub - rizemon/exploit-writing-for-oswe: Tips on how to write exploit scripts (faster!)
GitHub - Xcatolin/OSWE-Prep: Resources and exploits made for OSWE preparation.
GitHub - saunders-jake/oswe-resources: My resources for passing the OSWE exam.
Labs, extra miles, and exam prep
Overall tips and takeaways