Prior OSWE Course

This page will include all the useful prerequisites I have been doing in preparation for the exam, of course.

Just Read Every Single URL from these:

The URLs I'll mention below might be overwhelming to you as they are crammed into very tight single pages. I really wished I had an easier path for you to follow, but every single thing from these URLs allowed me to learn something new. I'll try to list the important subjects for you first:

  • Cross-Site-Scripting : Reflected/Persistent/DOM-based (DOM-based is overrated)

  • Session Hijacking : Basically stealing the victim's cookie to reuse it and authenticate as the victim

  • Session Riding : A fancier name for Cross Site Request Forgery (CSRF)

  • Bypassing File Upload Restrictions : Client Side, Content-Type/Length, and File-Name Filters etc.

Okay, I won't judge you if the following list takes you more than a few weeks:

  • PHP Type Juggling : In the PHP language, ( 0 == "password" ) is true due to type juggling.

  • PHP Magic Hashes:

    • With magic hashes, if "0e" is followed only by digits, such as "0e51217526859264863", PHP will see this as 0. This can lead to vulnerabilities when used together with sessions, cookies etc.

  • Deserialization : Python, PHP, Java, Node.js; each one of them is different in terms of exploiting.

  • JavaScript Server Side Injection : eval(), setTimeout(), setInterval(), Function()

  • SQL Injections : Blind Injection -> Time-Based, Boolean-Based, In-Band Injection
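The type juggling and magic hash items above, shown as a loose `==` check beside a hardened one. This is an added example, not code from the original page or the linked repositories; the stored value, the inputs and the function names `weak_check` and `hardened_check` are constructed for illustration.

```php
<?php
// Added example; every value here is constructed for illustration.

// Stored secret shaped like the magic hash quoted in the list above.
const STORED = '0e51217526859264863';

// Weak form: loose == lets PHP convert the operands before comparing them.
// Two "0e<digits>" strings are both numeric, so they are compared as floats.
function weak_check($given): bool
{
    return STORED == $given;
}

// Hardened form: insist on a string, then compare the bytes in constant
// time. No numeric conversion takes place.
function hardened_check($given): bool
{
    return is_string($given) && hash_equals(STORED, $given);
}

// Constructed inputs, as they might arrive from json_decode() or a cookie.
$inputs = [
    'same string'      => '0e51217526859264863',
    'other 0e digits'  => '0e00000000000000001',
    'integer zero'     => 0,
    'unrelated string' => 'password',
];

printf("PHP %s\n", PHP_VERSION);
foreach ($inputs as $label => $value) {
    printf(
        "%-17s weak=%-5s hardened=%s\n",
        $label,
        var_export(weak_check($value), true),
        var_export(hardened_check($value), true)
    );
}

// The integer-versus-plain-string case from the list depends on the PHP
// version running this script, so print what this interpreter does.
printf("0 == \"password\": %s\n", var_export(0 == 'password', true));
```

The last line is version dependent: before PHP 8.0 a non-numeric string compared with an integer is cast to 0, while PHP 8.0 and later compare the integer as a string. Two different `0e<digits>` strings still compare equal under `==` in PHP 8, which is why the hardened form avoids `==` entirely.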

GitHub Blog: Z-r0crypt [ OSWE/AWAE Preparation ]

GitHub Link: wetw0rk [ AWAE-PREP ]

GitHub Link: M507 [ AWAE-Preparation ]

GitHub Link on AWAE Syllabus: deletehead [ awae_oswe_prep ]

Dangerous Functions: rinku191 [ OSWE-preparation ]
