Welcome to OffSec WEB-100! We are excited to provide a personalized learning plan tailored to bolster your learning journey, ultimately enhancing your readiness for fulfilling your job role.
The Learning Plan consists of a week-by-week journey, which encompasses a structured study approach, approximate learning hours, emphasized course topics, exercises related to those topics, challenge tasks to accomplish, and additional resources (if needed) for strengthening your learning, should you opt to use them.
Our OffSec Mentors also play a valuable role in providing guidance and support to you by facilitating dedicated OffSec Discord channels. Through these channels, you will have the opportunity to collaborate with other learners, ask questions, and build relationships to gain a deeper understanding of our curated offensive material and methodology. We strongly encourage you to take advantage of this resource and actively engage with our Mentors throughout your learning journey. Click here to join the OffSec Discord server and find answers to more frequently asked questions (FAQs).
Should you encounter technical issues or have questions about VPN connections, lab access, navigating the OffSec Learning Platform, or any other related matters, our 24/7 OffSec Technical Service Team is available to assist you. Please click here to contact us.
Getting Ready
In order to maximize the benefits of this learning plan, we encourage you to consult the quick reference guide. This guide will aid you in initiating your journey with the OffSec Learning Platform (OLP) and enriching your overall learning experience.
Please see our Course Start Guide for further onboarding details.
OffSec WEB-100 Learning Plan - 24 Week
Week 1: Linux Basics I
Overview and Study Approach | This week will get you familiar with Linux. |
Learning Module | Linux Basics I |
Learning Units | Linux Basics I: 1.1 - 1.8 |
Videos for Reinforcement | None |
Exercises | 1.1.3. Kali Linux 1.2.1. Command Line Interface (Shells) 1.2.3. Listing Files 1.2.4. Reading File Contents 1.3.1. Using man and -h 1.4.1. Linux FHS 1.5.1. Setting and Using Variables 1.5.2. System Information 1.6.1. Creating and Removing Files, Directories, and Symlinks 1.6.2. Linux File Management with Wildcards 1.6.3. Finding Files in Kali Linux 1.7.1. Redirecting Output 1.8.1. Using grep, sed, cut, and awk 1.8.2. Comparing Files 1.8.3. Editing Files from the Command Line |
Challenges | None |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 2: Linux Basics II
Overview and Study Approach | This week will get you familiar with Linux. |
Learning Module | Linux Basics II |
Learning Units | Linux Basics II: 2.1 - 2.9 |
Videos for Reinforcement | None |
Exercises | 2.1.1. User Account Details 2.1.2. Changing User Context 2.2.1. Reading and Altering File Permissions 2.2.2. Setuid, setgid, and the Sticky Bit 2.3.2. Listing Running Processes 2.4.1. Using tail and watch for Monitoring 2.5.1. Managing applications with APT 2.6.1. Using Job Schedulers 2.7.1. Introduction to log files 2.8.1. Memory Space, Partitions, and External Drives |
Challenges | 2.9.1. Linux Practical Challenge |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 3: Networking Fundamentals
Overview and Study Approach | This week will focus on helping learners get a solid understanding of networking. |
Learning Module | Networking Fundamentals |
Learning Units | Networking Fundamentals: 3.1 - 3.7 |
Videos for Reinforcement | None |
Exercises | 3.1.1. OSI Model Details 3.2.1. TCP/IP Model Details 3.3.1. Link Layer: Ethernet 3.3.2. Internet Layer: Internet Protocol (IP) 3.3.3. Transport Layer: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) 3.3.4. Application Layer Protocols 3.4.1. Traffic, Packet Captures and Wireshark 3.4.2. Using Wireshark: Display Filters 3.4.3. Pcap files 3.4.4. Opening a .pcap File 3.5.1. Following TCP Streams and Exporting Objects in Wireshark 3.5.2. Tcpdump 3.5.3. Live Network Capture with Tcpdump 3.6.1. Address Resolution Protocol (ARP) 3.6.2. Internet Control Messaging Protocol (ICMP) 3.6.3. Dynamic Host Configuration Protocol (DHCP) 3.7.1. Routing Tables 3.7.2. Firewalls 3.7.4. Virtual Private Networks (VPNs) |
Challenges | None |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 4 - 5: Bash Scripting Basics
Overview and Study Approach | This week you will learn how to manage and interact with Bash scripting to streamline and automate many Linux tasks and procedures. |
Learning Module | Bash Scripting Basics |
Learning Units | Bash Scripting Basics: 4.1 - 4.8 |
Videos for Reinforcement | None |
Exercises | 4.1.2. Run our Bash Script 4.2.4. Numeric Variables 4.3.1. Arguments in a Bash Script 4.3.2. Special Bash Variables 4.4.3. Introduction to Managing Files 4.5.3. Elif Statement 4.6.2. The OR Boolean Operator 4.7.3. Write a Program to Loop Through Files 4.8.4. Variable Scope |
Challenges | None |
Estimated Time (Hours) | 15 |
Supplemental Learning* | None |
Week 6 - 7: Python Scripting Basics
Overview and Study Approach | This week you will learn the basics of scripting using the Python language. |
Learning Module | Python Scripting Basics |
Learning Units | Python Scripting Basics: 5.1 - 5.7 |
Videos for Reinforcement | None |
Exercises | 5.1.1. Finding our Version of Python 5.1.2. Writing our First Python Script 5.1.3. Setting Variables 5.1.4. Data Types 5.1.5. Strings and Slicing 5.1.6. Integers 5.1.7. Floats 5.1.8. Booleans 5.1.9. Type Casting 5.2.1. Python Lists 5.2.2. Python Dictionaries 5.3.1. Loops 5.3.2. Conditional Statements 5.3.3. User Input 5.4.1. Working with Files 5.4.2. Python Functions 5.4.3. Combining File Operations in a Function 5.5.1. Importing a Module 5.5.2. Web Requests 5.6.1. Creating the Python Socket Client 5.7.1. Writing Programs in Pseudocode 5.7.3. Creating the Spider |
Challenges | None |
Estimated Time (Hours) | 20 |
Supplemental Learning* | None |
Week 8: Troubleshooting
Overview and Study Approach | This week you will learn how to fix and troubleshoot exploits. |
Learning Module | Troubleshooting |
Learning Units | Troubleshooting: 6.1 - 6.6 |
Videos for Reinforcement | None |
Exercises | 6.2.1. Practice with Misaligned Instructions 6.3.1. Practice Resolving Coding Errors 6.4.1. Practice Resolving Compilation Errors 6.5.1. Practice Troubleshooting Networks 6.6.1. Practice Recovering Deleted Files |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 9: Web Applications
Overview and Study Approach | This week will focus on helping learners: 1) understand the OWASP Top Ten 2) understand why it is relevant to information security 3) understand the basic workings of these common web attacks 4) learn about HTTP proxying and Burp Suite |
Learning Module | Web Applications |
Learning Units | Web Applications: 7.1 - 7.3 |
Videos for Reinforcement | None |
Exercises | 7.1.12. OWASP Exercises 7.3.1. Burp Suite 7.3.2. Proxying and Manipulating Data |
Challenges | None |
Estimated Time (Hours) | 4 |
Supplemental Learning* | None |
Week 10: JavaScript Basics
Overview and Study Approach | This week will focus on covering the basics of JavaScript programming. |
Learning Module | JavaScript Basics |
Learning Units | JavaScript Basics: 8.1 - 18.3 |
Videos for Reinforcement | None |
Exercises | 8.1.2. JavaScript Variables 8.1.4. Assignment and Arithmetic Operators 8.2.1. JavaScript Functions and Methods 8.2.3. JavaScript Loops 8.2.4. JavaScript APIs, Documentation, and "How to Research" |
Challenges | None |
Estimated Time (Hours) | 7 |
Supplemental Learning* | None |
Week 11: Introduction to Burp Suite
Overview and Study Approach | This week you will learn about Burp Suite, one of the most popular tools for penetration testing. |
Learning Module | Introduction to Burp Suite |
Learning Units | Introduction to Burp Suite: 9.1 - 9.4 |
Videos for Reinforcement | None |
Exercises | 9.1.3. Integrating Burp Suite with Other Browsers 9.2.2. Scope 9.3.1. Repeater 9.3.2. Comparer 9.3.4. Decoder |
Challenges | None |
Estimated Time (Hours) | 7 |
Supplemental Learning* | None |
Week 12: Cryptography
Overview and Study Approach | This week you will learn about data transformation mechanisms such as encoding and hashing. Then, you will learn about symmetric and asymmetric encryption. |
Learning Module | Cryptography |
Learning Units | Cryptography: 10.1 - 10.8 |
Videos for Reinforcement | None |
Exercises | 10.2.1. Binary Encoding 10.2.2. Hexadecimal Encoding 10.3.1. Unicode and UTF 10.3.2. Base64 Encoding 10.3.3. Encoding - Putting it all Together 10.4.1. Basic Hashing 10.4.3. Verifying Checksums 10.5.1. Password Hashing Algorithms 10.5.2. Salting 10.5.3. Password Cracking 10.6.3. XOR Cipher 10.6.5. Advanced Encryption Standard (AES) 10.7.2. Asymmetric Encryption Practical 10.7.3. Asymmetric Encryption Math 10.7.4. Asymmetric Authentication with SSH 10.7.5. Asymmetric Encrypted Bind Shells 10.7.6. SSL and HTTPS 10.8.1. Cryptography Practical Challenge |
Challenges | None |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 13: Web Attacker Methodology
Overview and Study Approach | This week will focus on introducing the phases of web application assessments and cover the commonly used methodology for each phase. |
Learning Module | Web Attacker Methodology |
Learning Units | Web Attacker Methodology: 11.1 - 11.6 |
Videos for Reinforcement | None |
Exercises | 11.2.1. Web Stacks and Technologies 11.2.2. User Enumeration 11.4.1. Authentication Bypass 11.4.2. Session Hijacking 11.4.3. Business Logic Flaws 11.6.2. Classifying Vulnerabilities 11.6.3. Assessing Impact and Severity |
Challenges | None |
Estimated Time (Hours) | 8 |
Supplemental Learning* | None |
Week 14: Introduction to Web Secure Coding
Overview and Study Approach | This week we will focus on trust boundaries and how they factor into application security. Then, we'll focus on input validation and output encoding. Finally, we will discuss parameterized queries. |
Learning Module | Introduction to Web Secure Coding |
Learning Units | Introduction to Web Secure Coding: 12.1 - 12.5 |
Videos for Reinforcement | None |
Exercises | 12.1.1. Intro to Trust Boundaries 12.1.2. Subresource Integrity 12.2.2. Enforcing Data Types 12.2.3. Dangerous Characters 12.2.4. Blocklists and Allowlists 12.2.5. Pattern Validation 12.3.1. Intro to Output Encoding 12.4.1. Validate File Format and Extensions 12.4.2. Path Normalization 12.5.1. Intro to SQL Injection 12.5.3. Parameterized Query Syntax |
Challenges | None |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 15: Web Session Management
Overview and Study Approach | This week will focus on analyzing what HTTP browser session tracking means from a technical perspective. It will also point out security concerns and ways to address them. |
Learning Module | Web Session Management |
Learning Units | Web Session Management: 13.1 - 13.5 |
Videos for Reinforcement | None |
Exercises | 13.1.1. Authentication vs Authorization 13.1.2. Session Management 13.2.1. Web Application Credential Storage 13.2.2. Authentication Process Introduction 13.3.2. Session Expiration 13.4.2. HTTP Cookies - Attributes 13.5.1. Single Sign-On Process 13.5.2. Single Sign-On Protocols |
Challenges | None |
Estimated Time (Hours) | 8 |
Supplemental Learning* | None |
Week 16: Input Validation Fundamentals
Overview and Study Approach | This week will explore the different ways we can receive user input and analyze the ways different programming languages approach variable typing. |
Learning Module | Input Validation Fundamentals |
Learning Units | Input Validation Fundamentals: 14.1 - 14.3 |
Videos for Reinforcement | None |
Exercises | 14.1.1. Receiving Input from Users 14.1.2. Static vs Dynamic Typing and Type Coercion 14.2.1. Blocklists and Allowlists 14.2.2. Crafting Regular Expressions 14.2.3. File Uploads |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 17: Introduction to Encoding, Serialization, XML, JSON, and YAML
Overview and Study Approach | This week will explore serialization and apply it to data serialization languages. |
Learning Module | Introduction to Encoding, Serialization, XML, JSON, and YAML |
Learning Units | Introduction to Encoding, Serialization, XML, JSON, and YAML: 15.1 - 15.4 |
Videos for Reinforcement | None |
Exercises | 15.1.2. XML, JSON, and YAML 15.2.2. XML Syntax 15.3.2. JSON Syntax 15.4.2. YAML Syntax 15.4.3. YAML Files |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 18: Introduction to Templating Engines
Overview and Study Approach | This week you will examine the functionality that templating engines provide, and how this can fall outside the desired scope of the presentation layer. |
Learning Module | Introduction to Templating Engines |
Learning Units | Introduction to Templating Engines: 16.1 - 16.3 |
Videos for Reinforcement | None |
Exercises | 16.1.1. Model View Controller Architecture 16.1.2. Comparing a Single-tier Application with one that Follows MVC 16.1.3. Introducing Templating Engines 16.2.3. Filters |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 19: Introduction to Web Services
Overview and Study Approach | This week you will explore ways to interact with interfaces that provide standardized communications between systems, as well as analyze methodologies to secure these communications. |
Learning Module | Introduction to Web Services |
Learning Units | Introduction to Web Services: 17.1 - 17.2 |
Videos for Reinforcement | None |
Exercises | 17.1.2. SOAP 17.1.3. RESTful 17.1.4. GraphQL 17.2.2. Basic Authentication in HTTP 17.2.6. OAuth 2.0 in Action |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 20: Same-Origin Policy and CORS
Overview and Study Approach | This week will focus on SOP and CORS and their security implications. It will also cover how to send cross-origin requests in JavaScript. |
Learning Module | Same-Origin Policy and CORS |
Learning Units | Same-Origin Policy and CORS: 18.1 - 18.3 |
Videos for Reinforcement | None |
Exercises | 18.1.1. Same-Origin Policy (SOP) 18.2.1. Exploring CORS 18.2.2. OPTIONS and Preflight Requests 18.2.3. CORS Request Headers 18.2.4. CORS Server Headers 18.2.5. Exploring CORS Revisited |
Challenges | None |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |
Week 21: Getting Started with Git
Overview and Study Approach | This week will focus on Git's background and its impact on the computing world. |
Learning Module | Getting Started with Git |
Learning Units | Getting Started with Git: 19.1 - 19.2 |
Videos for Reinforcement | None |
Exercises | 19.1.2. Git Features 19.1.3. Version Control 19.1.4. Technical Characteristics 19.2.2. Getting Started 19.2.3. Git Objects 19.2.4. Pushing and Pulling |
Challenges | None |
Estimated Time (Hours) | 7 |
Supplemental Learning* | None |
Week 22: Git Branching and Merging
Overview and Study Approach | This week will focus on slightly more advanced Git commands and features, like branching, stashing, rebasing, and forking. |
Learning Module | Git Branching and Merging |
Learning Units | Git Branching and Merging: 20.1 |
Videos for Reinforcement | None |
Exercises | 20.1.2. Branching and Stashing 20.1.3. Merging 20.1.4. Rebasing and Squashing 20.1.5. Forking |
Challenges | None |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 23: Introduction to Git Security
Overview and Study Approach | This week you will examine Git from a security perspective. |
Learning Module | Introduction to Git Security |
Learning Units | Introduction to Git Security: 21.1 |
Videos for Reinforcement | None |
Exercises | 21.1.2. Reviewing and Undoing |
Challenges | 21.1.9. Challenge |
Estimated Time (Hours) | 10 |
Supplemental Learning* | None |
Week 24: Web Application Assessment Essentials Assessment
Overview and Study Approach | There are two goals for this assessment: - To test the student's ability to take Penetration Testing with Kali Linux (WEB-200) - To validate that a student has successfully completed WEB-100 with an OffSec Digital Badge. |
Learning Module | Web Application Assessment Essentials Assessment |
Learning Units | Web Application Assessment Essentials Assessment |
Videos for Reinforcement | None |
Exercises | None |
Challenges | Web Application Assessment Essentials Assessment |
Estimated Time (Hours) | 6 |
Supplemental Learning* | None |