From AWAE to OSWE: The Preperation Guide

oswe

As promised on Twitter this post will document my steps through the OSWE exam preperation.

Searching for available study material

After some google action i found some useful stuff

  • AWAE-PREP – GitHub Repo
    A lot of trainings, courses and other random stuff for the AWAE preperation.
  • OSWE – GitHub Repo
    Additionall sources about the vulnerabilites and exploits within the AWAE course material.
  • OSWE Preperation – YouTube Playlist
    I found a lot of interesting videos about Deserialization (important topic!), so i created a small playlist on my YouTube Channel.

Step 1: The Plan

I decided to follow the training order mentioned in AWAE-PREP because it seemed logical considering the AWAE course material.

Step 2: Start

Javascript

I started with the Javascript for Pentesters course on Pentester Academy. I learned some useful stuff to create even more customized XSS Payloads with fancy functions xD. Some examples are Multi-Level JSON/XML/HTML Parsing, CSRF Token Manipulation, Posting/ Fetching XMLhttpRequests or Stealing data from fields with autocomplete.

SQLi

I also ordered a awesome book about SQLi. So far i have only read 50 pages but i highly recommend this one! You will learn the very basics of most SQLi vectors and sharpen your skills for more sophisticated attacks! I will add more information when reading further 😉

Random Stuff

Loading…

This post will frequently be updated, so watch my Twitter Feed or visit this page again 😉
As always, every feedback is very welcome (please via Twitter)!