Advanced Web Attacks and Exploitation (AWAE) is a security course from Offensive-Security that focused on advanced web application security. The course content focus more on the WhiteBox approach of web application penetration testing and a bit of BlackBox approach. The student will spend most of time understanding the underlying source code and debugging the web application in order to find any vulnerabilities or broken logic flaw. The Offensive Security Web Expert (OSWE) certification will be granted upon the completion of 48-hour certification exam. The course syllabus can be found here.


This is a tricky questions. Personally I think its for everyone who want to step up and learn more on web application penetration testing, regardless whether they have any developer or programming background. If you have the developer background, yes it will help you to pick up faster, however I have seen a lot of people without developer background obtained the OSWE certification, even some pass it within the first attempt. So I think in the end, it come back to what you want, not what you have.


This is simple, in my opinion, Offensive-Security is simply the best information security training provider right now in term of offensive security (Change my mind, fanboys alert). Furthermore, I think there’s not many source code review/WhiteBox penetration test course out there. The one I think on par is the course provided by mr_me on Its actually make sense considering mr_me is the original creator of the AWAE content (CMIIW). Unfortunately, the course only available as live training course. 


There’s no better time than now, just do it! Personally, I always think restraining yourself to something like “I have to be proficient on five programming languages, I need to be proficient on scripting, I need to know the complex web application architectures, etc.” before taking the course is limiting too much of yourself. In the end, it will become procrastinating, you will get old and never start. Read the syllabus and if it incite the flame inside you, hit the register link and prepare to empty your pocket.


Its an online course and you can find the course details on the following link:


The course started as the live training course that only available at BlackHat. On 2019, Offensive-Security released the training online to keep up with the high demands from the security professionals. Its a very good move since not everyone has the privileges to come to BlackHat event.

Leave a Reply

Your email address will not be published. Required fields are marked *