Please read this entire document carefully before beginning your exam!
In this article, you will find relevant information on:
- Introduction
- Section 1: Exam Requirements
- Section 2: Exam Information
- Section 3: Submission and Results
INTRODUCTION
This guide explains the objectives of the OffSec CyberCore - Secure Java Development Essentials (OSCC-SJD) exam certification. Section 1 describes the requirements for the exam, Section 2 provides important information and suggestions, and Section 3 specifies instructions for after the exam is complete.
The exam features a vulnerable Java web application. You will have six (6) hours to complete the proctored exam. Once your exam has started, you will see a timer at the bottom of your screen. Upon submission of the exam, your results will be immediately displayed.
All OSCC-SJD exams are proctored.
Please make sure to read the proctoring tool learner manual and the proctoring FAQ at the following URL: https://help.offsec.com/hc/en-us/sections/360008126631-Proctored-Exams
SECTION 1: EXAM REQUIREMENTS
Objectives
The exam is a lab machine with five vulnerabilities with high-level descriptions of each. Through the exam, you must identify and remediate these vulnerabilities while maintaining the core application functionality. We have designed each scenario to take approximately 1 hour each, but you are welcome to work on each scenario as you see fit.
Documentation Requirements
You do not need to write or submit a professional report.
Exam Restrictions
AI chatbots such as ChatGPT, YouChat, and similar are not allowed.
NOTE: While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform.
Downloading any applications, files, or source code from the exam environment to your local machine is strictly forbidden. For more information, please refer to the https://www.offsec.com/legal-docs/
SECTION 2: EXAM INFORMATION
Exam Connection
Your connection to the exam is to be done primarily via the OffSec Portal. Target machines can be accessed via a local Kali machine and VPN pack, or via the OffSec Portal by using Kali in-browser (KiB).
Passing
The exam consists of five vulnerabilities that need to be solved in order to receive points.
Points are awarded as follows:
Total Points | Points Breakdown |
25 points | Two vulnerabilities |
20 points | One vulnerability |
15 points | Two vulnerabilities |
The exam has a combined total of 100 points. You must achieve a minimum score of 75 points to pass the exam and receive the OffSec CyberCore - Secure Java Development Essentials (OSCC-SJD) certification.
The maximum achievable score is 100. No additional/bonus points are applicable for this course.
Guidelines for Handling Unforeseen Factors During the Exam
This subsection of the exam guide documents what you should do in case you are unable to complete your exam due to severe external factors. Please make sure to read and understand it carefully.
The exam lab is a dedicated environment with no learners connected other than yourself. The total allotted time of 6 hours does take life and its situations into consideration:
- You are welcome to take rest breaks, eat and drink
- You are also expected to have a contingency plan in the event that there is an issue outside your control. (e.g. ensure you have access to a backup Internet connection, power etc.)
If you have a legitimate issue, please send an email with your OSID to "challenges AT offsec DOT com" immediately. Make sure to include all of the necessary details and supporting information - such as a letter from your power company, ISP, or any other relevant documentation.
Please note that we are only able to extend the exam time if the issues you experience are present on our side and only when the exam subnet is not immediately in use by another learner following your exam. In the event of an issue on our side and the exam subnet is scheduled immediately following your exam we will provide a free exam retake attempt. We work diligently to ensure that our environments are highly available and issues are very rare.
Contact Protocol
If you encounter any connectivity problems with Kali in-browser, the VPN or target machines, inform us immediately, directly in the proctoring chat. Should you not be able to access the proctoring tool, please contact us via the live chat available at https://chat.offsec.com/ or via email to "help AT offsec DOT com".
Please note that we will not be able to assist with, or give hints on, any exam objectives and will only be available for technical problems during the exam.
SECTION 3: SUBMISSION AND RESULTS
Submission and Results
Once you have completed the exam and are ready to submit, click the 'Submit exam' button located at the bottom right of the 'Next Steps' section. Please be aware that after submitting, you will not be able to edit your answers. This step is crucial as it finalizes your exam, so ensure all answers are reviewed and complete before clicking the button. Once submitted, the system processes your exam immediately, and no further changes can be made.
Results
Upon submission, your results will be displayed immediately and will be final. If you pass the exam, you will receive an email with instructions on how to access and view your badge in Accredible. Additionally, you can view or access your digital credentials via the OSCC-SJD tile from your Achievements Page.
In the event of a failing result, you can schedule another attempt if you still have a valid OSCC-SJD exam attempt on your account. This can be done through the Exam tab. If you do not have a valid attempt left, you will need to purchase a new exam attempt. For further guidance or questions, please refer to the OSCC-SJD Exam FAQ page.