: Hands-on training for exploiting Cross-Site Request Forgery (CSRF), Cross-Origin Resource Sharing (CORS), and Template Engine Exploitation. Study Resources
OffSec provides several official materials to guide students through the curriculum: Learning Plans : Structured web-200 offensive security pdf %28%28NEW%29%29
One of the most critical sections of the course covers cross-site scripting (XSS) and SQL injection. While these are "classic" vulnerabilities, the WEB-200 approaches them through the lens of modern filter evasion and context-aware exploitation. Students are taught not just how to find a pop-up alert box, but how to leverage these flaws to exfiltrate sensitive data or hijack user sessions. The move toward more interactive, JavaScript-heavy applications in the industry is reflected in the updated labs, which require a more nuanced understanding of the Document Object Model (DOM). Students are taught not just how to find
The curriculum is designed to tackle the most pervasive threats identified by security frameworks like the OWASP Top 10. Key areas of focus include: SQL Injection (SQLi): Key areas of focus include: SQL Injection (SQLi):