OSWA — Foundational Web Application Assessments (WEB-200)

Section 01

01. At a Glance

About the course

OSWA bridges the gap between CEH-level web knowledge and the elite OSWE. Black-box testing of realistic web apps with all major attack classes plus modern web vulnerabilities.

Section 02

02. Who Is This Course For

• Web pentesters
• Application security engineers
• Bug bounty beginners

Prerequisites

• Basic web app fundamentals
• OWASP Top 10 conceptual familiarity

Section 03

03. What You Will Be Able To Do

• Conduct end-to-end web application assessments
• Exploit OWASP Top 10 plus SSRF, IDOR, JWT issues
• Pass the 24-hour OSWA exam

Section 04

04. Curriculum — 14 Modules

Module structure and topic coverage authored by Macksofy Technologies based on the publicly-published vendor syllabus, current as of the issue date of this brochure. Vendor reserves the right to revise content; Macksofy keeps cohort material aligned to the latest release.

1. Module 01

   Module 01 · Tools for the Web Assessor

   3 topics
   • Burp Suite Pro proxy & repeater
   • ffuf, gobuster, sqlmap basics
   • Browser DevTools workflows
2. Module 02

   Module 02 · Cross-Site Scripting — Introduction & Discovery

   3 topics
   • Reflected, stored, DOM-based XSS
   • Sources & sinks
   • Auto-discovery techniques
3. Module 03

   Module 03 · Cross-Site Scripting — Exploitation & Case Study

   3 topics
   • Cookie theft & session hijacking
   • Bypassing Content Security Policy
   • Real-world case study
4. Module 04

   Module 04 · Cross-Origin Attacks

   4 topics
   • CORS misconfiguration exploitation
   • CSRF (Cross-Site Request Forgery)
   • SameSite cookie nuances
   • Postmessage abuse
5. Module 05

   Module 05 · Introduction to SQL

   3 topics
   • Database fundamentals
   • Common SQL syntax across MySQL / MSSQL / Postgres
   • Reading database schema
6. Module 06

   Module 06 · SQL Injection

   4 topics
   • In-band, blind, time-based SQLi
   • Second-order SQLi
   • sqlmap automation
   • WAF bypass patterns
7. Module 07

   Module 07 · Directory Traversal Attacks

   3 topics
   • Linux & Windows path traversal
   • URL encoding bypass
   • Sensitive-file enumeration
8. Module 08

   Module 08 · XML External Entities (XXE)

   3 topics
   • In-band & out-of-band XXE
   • Blind XXE
   • SSRF via XXE
9. Module 09

   Module 09 · Server-Side Template Injection (SSTI)

   3 topics
   • Discovery techniques
   • Jinja2, Twig, FreeMarker exploitation
   • Sandboxing escapes
10. Module 10

    Module 10 · Command Injection

    3 topics
    • OS command injection vectors
    • Argument injection
    • Time-based blind detection
11. Module 11

    Module 11 · Server-Side Request Forgery (SSRF)

    3 topics
    • Internal-port discovery
    • Cloud-metadata service abuse
    • Filter bypass techniques
12. Module 12

    Module 12 · Insecure Direct Object Reference (IDOR / BOLA)

    3 topics
    • IDOR discovery
    • Mass-assignment patterns
    • Authorization-logic flaws
13. Module 13

    Module 13 · Assembling the Pieces (capstone)

    3 topics
    • End-to-end web assessment
    • Reporting per OffSec standards
    • 24-hour exam preparation
14. Module 14

    Macksofy bootcamp · Modern API testing

    3 topics
    • REST + GraphQL + gRPC fuzzing
    • JWT alg-confusion attacks
    • OAuth 2.0 / OIDC flow attacks

Section 05

05. Tools You Will Operate

Section 06

06. Career Outcomes

Section 07

07. Placement Support

Macksofy's placement desk works directly with 80+ hiring partners across India and the UAE. Resume coaching, mock interviews and direct intros included.

• 1:1 resume + LinkedIn rewrite with our hiring desk
• Mock interviews with active practitioners
• Direct intros to BFSI, fintech and Big-4 partners
• UAE placement support (Dubai, Abu Dhabi)

Section 08

08. Why Macksofy

• Vendor-true delivery — Macksofy is a hands-on cybersecurity training provider delivering practitioner-led bootcamps with exam-prep support.
• Practitioner-led delivery — every Macksofy instructor is a working OSCP / OSWE / OSEP / CISA-certified consultant on real client engagements during the week.
• Mentor support until you pass — extended access to mentor office hours and exam-day prep at no additional cost.
• Placement desk — Macksofy works with 80+ hiring partners across India and the UAE; your post-course resume, portfolio review and mock interviews are included.
• Indian classroom + online cohorts — onsite delivery in Mumbai BKC and Hyderabad HITEC City; live virtual cohorts pan-India with recordings.

Section 09

09. How to Enrol

1. Submit the enquiry form at macksofy.com/contact or call +91 99308 24239.
2. A Macksofy advisor will respond within 4 business hours with the next batch dates, payment terms and invoice.
3. Confirm enrolment via NEFT / RTGS / corporate card. EMI options available for select courses.
4. Receive welcome kit, lab credentials and the cohort calendar within 24 hours of confirmation.