WEB-300: Advanced Web Attacks and Exploitation (OSWE)

The advanced web exploitation course that separates web security professionals from the rest. Course modules: • White-Box Penetration Testing Methodology — source code review workflow, threat modeling • Tools & Environment Setup — custom Kali configurations for code auditing • PHP Type Juggling — loose comparison exploitation, authentication bypass via type confusion • ATMAIL — chained vulnerability exploitation in real webmail software • DotNetNuke — remote code execution via deserialization in .NET CMS • ERPNext — business application attack surface, privilege escalation chains • MantisBT — SQL injection to RCE in bug-tracking software • Sanitization & Filter Bypass — regex weaknesses, encoding tricks, blacklist evasion • JavaScript & Node.js — prototype pollution, server-side template injection • Authentication Mechanisms — OAuth flaws, JWT manipulation, session fixation • Custom Exploit Development — adapting PoCs, building reliable exploits from scratch • Blind SQL Injection — time-based extraction, out-of-band techniques at advanced level • Two-Factor Authentication Bypass — TOTP weaknesses, backup code enumeration This course is built for experienced pentesters ready to move from black-box to white-box testing. Leads to the OSWE certification.