In this article, you will find relevant information regarding the WEB-200: Foundational Web Application Assessments with Kali Linux Exam.
- Exam Tour
- Introduction
- Where can I find the exam guide?
- How do I know if I'm ready to take the exam?
- How do I schedule my certification exam?
- Documentation requirements
- How can I find out my exam score?
- How do I get points on the exam?
- How many points do I need to pass the exam?
- Can I use Discord during the exam?
- Can I appeal my exam result?
- May I request feedback on the exam?
- Are sqlmap and sqlninja or any type of SQLi scanner allowed?
- Is Burp Suite Professional allowed on the exam? Can I use any Burp Suite Professional plugin on the exam?
- What is the exam retake policy?
- What information is available about exam proctoring?
Exam tour
Watch this video for a quick overview on the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
Introduction
The OSWA certification exam simulates a live network, which contains several vulnerable systems. You need to exploit these machines and provide proof of exploitation. The objective of the certification challenge is to demonstrate creative thinking and success in penetration of the victim targets.
You will have 23 hours and 45 minutes to complete the challenge itself and a further 24 hours to submit your documentation.
Where can I find the exam guide?
The OSWA exam guide is available at the following link: OSWA Exam Guide
How do I know if I'm ready to take the exam?
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
How do I schedule my certification exam?
To learn how to schedule an exam, how to see the amount of time you have left before your exam attempt expires, or how rescheduling an exam works, please visit our Managing OffSec Certification Exams article, depending on the environment you are studying in.
Documentation requirements
You must retrieve local.txt and proof.txt files and input them into your Exam Control Panel. In addition, you must include screenshots that prove access showing the content of these files inside your exam report.
You must document your attempts or attacks and send in your exam documentation within 24 hours after the completion of the 24 hours. Please use our OSWA exam report template for your documentation, available at the following URLs:
How can I find out my exam score?
While we cannot provide your exact exam score, you can use the point assignment outlined in the exam guide and exam control panel objectives to approximate your score.
How do I get points on the exam?
Points are awarded for finding flags in the form of local.txt or proof.txt files; each flag is worth 10 points. Please also refer to the OSWA Exam Guide to make sure you meet the requirements.
How many points do I need to pass the exam?
You must obtain at least 70 points.
Can I use Discord during the exam?
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes, but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
Can I appeal my exam result?
Learners who wish to address any concerns or seek clarification regarding their results can initiate an appeal through our Challenges Department. To initiate an appeal, please contact us via email at "challenges AT offsec DOT com."
Upon receiving your appeal, our team will conduct a diligent review of your results. We understand the significance of a timely response, and we commit to providing you with an update promptly after we have reached a final decision on the matter. Please note that we strive to complete the review process within a maximum of ten (10) business days.
May I request feedback on the exam?
Certainly! You can request exam feedback if you have submitted your exam report to us and have insufficient points. Please contact us via email at "challenges AT offsec DOT com" and we will provide you with feedback within 10 business days.
Are sqlmap and sqlninja or any type of SQLi scanner allowed?
Sqlmap, sqlninja, and similar tools are allowed on the OSWA exam. These tools are not required to pass the exam. If you choose to use them, you must still fulfill the documentation requirements in your report.
Please refer to the OSWA Exam Guide for more details on allowed and restricted tools.
Is Burp Suite Professional allowed on the exam? Can I use any Burp Suite Professional plugin on the exam?
Burp Suite Professional is allowed on the OSWA exam. Burp Suite Professional is not required to pass the exam. Additionally, plugins that do not perform any restricted actions are allowed on the exam. Any Burp Suite plugins used during the exam must be documented in your report.
What is the exam retake policy?
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
What information is available about exam proctoring?
All OSWA exams are now proctored. Please make sure to read our online FAQ.