Mammoth Club All levels 49 sections 235 lectures

OffSec Web Assessor (OSWA) Certification with 10 Practice Exams

Web Attacks with Kali Linux: Web applications are often the most exposed entry point in an organization’s infrastructure. Any user with a browser and internet access can potentially engage with a public-facing app, making them a prime target for attacks. This course equips you with the hands-on skills and tools needed to uncover and exploit vulnerabilities in modern web environments.

Skill level: All levels
Sections: 49
Lectures: 235
Instructor: Team Mammoth

What's inside

This course includes.

Sections: 49
Lectures: 235
Resources: 390
Quizzes: 10
Certificate of completion: Included
Mobile and desktop access: Included
AI learning assistance: Included

Course content

Curriculum & lectures.

19 sections · 62 lectures
Welcome (1 lecture)
  - What is the OffSec Web Assessor (OSWA) Exam?
Cybersecurity Fundamentals for the Web (3 lectures)
  - Cybersecurity Fundamentals for the Web
  - CIA Triad
  - Connecting and Disconnecting a VPN
Use Web Attack Tools (4 lectures)
  - How to Use Web Attack Tools
  - How to Use Burpsuite
  - Execute Nmap Scripts and Scan Ports
  - Discover Endpoints and Bust Subdomains with Gobuster
Build Wordlists (2 lectures)
  - Select and Build Wordlists
  - Use SecLists Collection of Wordlists
Fuzz and Crawl (2 lectures)
  - Discover and Fuzz Data with Wfuzz
  - Crawl with Hakrawler
Reverse and Web Shells (2 lectures)
  - What is a reverse shell or web shell?
  - Choose a Shell to Match a Web App’s Technology
Cross-Site Scripting (5 lectures)
  - What is Cross-Site Scripting and Sandbox?
  - Exfiltrate Data with JavaScript APIs
  - Exploit Various Types of XSS
  - How to Exploit Various Data
  - Case Study - Cross-Site Scripting Exploitation
Cross-Origin Attacks (4 lectures)
  - Same-Origin Policy
  - Cross-Origin Requests and SameSite Cookies
  - Exploit Cross-Site Request Forgery Vulnerabilities
  - Case Study - Exploit CSRF Vulnerability
Cross-Origin Resource Sharing (CORS) (2 lectures)
  - Understand Cross-Origin Resource Sharing (CORS)
  - Exploit Weak CORS Policies
Enumerate Databases (5 lectures)
  - Retrieve Data with SQL
  - Enumerate MySQL Databases
  - Enumerate Microsoft SQL Server Databases
  - Enumerate PostgreSQL Databases
  - Enumerate Oracle Databases
Exploit SQL Injection (5 lectures)
  - SQL Injection Fundamentals
  - Test Apps to Identify SQL Injection Vulnerabilities
  - Exploit SQL Injection
  - Database Dumping with SQLMap Automation
  - Case Study - SQL Injection Exploitation
Directory Traversal Attacks (5 lectures)
  - Directory Traversal Fundamentals
  - Suggestive Parameters with Nmap Scripting Engine (NSE)
  - Relative and Absolute Pathing
  - Exploit Directory Listings
  - Exploit Directory Traversal
Exploit XML External Entities (XXE) Vulnerabilities (4 lectures)
  - XML Fundamentals
  - XXE Injection
  - Test for XXE Injection Vulnerabilities to Exfiltrate Data
  - Case Study - Exploit XXE Vulnerability
Discover and Exploit Server-Side Template Injection (6 lectures)
  - Understand Templating Engines
  - Discover and Exploit Twig Templates
  - Discover and Exploit Apache Freemarker Templates
  - Discover and Exploit Pug Templates
  - Discover and Exploit Jinja Templates
  - Discover and Exploit Mustache and Handlebars Templates
Command Injection (3 lectures)
  - Command Injection Fundamentals
  - Understand Common Protections
  - Enumerate and Exploit with Common Techniques
Exploit Server-Side Request Forgery (3 lectures)
  - Server-Side Request Forgery (SSRF) Fundamentals
  - Test for SSRF Vulnerabilities
  - Exploit SSRF to Retrieve Data
Exploit Insecure Direct Object Referencing (IDOR) (2 lectures)
  - Insecure Direct Object Referencing (IDOR) Fundamentals
  - Exploit IDOR
App Exploitation Workflow: From Enumeration to Shell Access (3 lectures)
  - Enumerate a Web App
  - Bypass Authentication to Access Admin
  - Exploit SQL Injection Vulnerability to Gain Shell Access
Challenge Your 10 FREE Practice Exams (1 lecture)
  - Where to Find Your Exams

Description

About this course.

This program teaches you the manual, methodical process of assessing modern web applications to uncover the critical vulnerabilities that put businesses at risk.


Master the end-to-end workflow of a web application penetration tester, from reconnaissance and mapping to identifying, exploiting, and reporting on a wide range of common vulnerabilities.


✅ Learn to perform thorough reconnaissance and application mapping to understand the target's attack surface and technology stack.

✅ Master techniques to identify and exploit various injection vulnerabilities, including SQL Injection, NoSQL Injection, and Command Injection.

✅ Explore common client-side vulnerabilities like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and insecure session management.

✅ Learn to uncover and exploit broken access control mechanisms, business logic flaws, and insecure direct object references (IDORs).


Whether you're an OSCP holder wanting to specialize in web attacks or a developer looking to understand the offensive mindset, this course provides the definitive, hands-on training for web pentesting.


🎁 Includes 10 Practice Exams. Map the app. Find the flaw. Demonstrate the impact.


If you're ready to move beyond automated scans and become the human expert who can systematically break down a web application's defenses, this is your assessment plan.
