Rayhan0x01's Blog

CyberSecurity Enthusiast | Hackish Programmer | Penetration Tester

12 April 2021

Just another AWAE / WEB-300 / OSWE guide in 2021

A few days ago I earned my OSWE certification and naturally, this calls for a write-up that many asked me to do! Without reiterating the same things and suggestions written better in some of the guides I read before my exam, I will link those in this post and only add some pointers that I think will be helpful. It never hurts with one extra write-up as you get another angle on the same thing and you may resonate better with the person’s thinking!

Before diving into my guide for this course, here are a few lines about my experience and the journey. Feel free to skip this paragraph if you are only interested in the guide! After I got done with my OSCP journey, I found myself creating web-based CTF challenges for various community CTF events. To write custom web challenges, I had to read vulnerable codes to understand why certain vulnerabilities occur to implement them on my challenges. I think this in particular helped me prepare for the OSWE course without even knowing! Fast forward a few months, I saw the $999 deal for 30 days lab of OSWE course. I was very fast-paced with my OSCP course and barely took everything the course had to offer in 30 days, I wanted to do the same again for OSWE so I jumped the wagon and got myself enrolled! My lab time started on 28th February and lasted till 30th March. Now You cannot purchase 30 days offer anymore, the minimum is 60 days and I think that’s plenty of time. I was able to sift through my course content in just under 16 days all thanks to my previous experience working with OWASP top 10 vulnerabilities, automation, and scripting with Python. I have been informally coding in Python, PHP, JavaScript, and many other languages since I was 15 (now 20!) that has surely given me the edge to be able to quickly adapt to white box web application assessment methodology. Still, my weakest section on the course has to be not much exposure to MVC (model-view-controller) applications. But with little practice and patients, I was able to overcome the difficulties! Took my exam 5 days after the lab ending period, finished the exam in 47 hours, got my result in 24 hours that I passed. Also, it brings me great joy to share that I may very well be the first person or at least one of the few to earn OSWE in my country as I have not found anyone else who achieved this certification from my country.


Now coming to the main part of this post, I’ll try keeping it as simple as possible with different sections below.

# What is this course and what skills will I gain from this course?

I feel like Offensive security answered it best on their online badge issued in acclaim/credly. Find more about the course here



# What should I need to know as pre-preparation before the course?

These should be enough as pre-preparations for the course. The course materials are enough to pass the OSWE exam. This has been asked so many times so I wanted to make it clear that yes it’s enough.


# What should I do during my lab time?


# What should I do during my exam?


I tried giving some useful pointers for the overall course and avoided referencing specific resources to practice as there have been many good write-ups on those. Here are two additional write-ups that will contain real world applications that you may practice or look at if needed:

So that was it for this one! If you have questions for me, feel free to reach out via Twitter or LinkedIn.

tags: web-300,oswe-2021,awae