In this article, you will find relevant information regarding the WEB-200: Foundational Web Application Assessments with Kali Linux Exam.
- Exam Tour
- Where can I find the exam guide?
- How do I know if I'm ready to take the exam?
- How do I schedule my certification exam?
- Documentation requirements
- How can I find out my exam score?
- How do I get points on the exam?
- How many points do I need to pass the exam?
- Can I use Discord during the exam?
- Can I appeal my exam result?
- May I request feedback on the exam?
- Are sqlmap, sqlninja, or any type of SQLi scanner allowed?
- Is Burp Suite Professional allowed on the exam? Can I use any Burp Suite Professional plugin on the exam?
- What is the exam retake policy?
- What information is available about exam proctoring?
Watch this video for a quick overview on the exam process, from scheduling to submitting your exam report.
This video was current as of October 2022. As we continue to improve the Learning Library, slight modifications in the interface or functionality may appear.
Have more questions? Check the frequently asked questions below.
The OSWA certification exam simulates a live network, which contains several vulnerable systems. You need to exploit these machines and provide proof of exploitation. The objective of the certification challenge is to demonstrate creative thinking and success in penetration of the victim targets.
You will have 23 hours and 45 minutes to complete the challenge itself and a further 24 hours to submit your documentation.
The OSWA exam guide is available at the following link: OSWA Exam Guide
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
To learn how to schedule an exam, how to see how much time you have left before your exam attempt expires, or how rescheduling an exam works, please visit our Important information about exam scheduling or Important information about exam scheduling in the Learning Library article, depending on the environment you are studying in.
You must retrieve the local.txt and proof.txt files and input them into your Exam Control Panel. In addition, your exam report must include screenshots that prove access by showing the content of these files.
You must document your attempts or attacks and send in your exam documentation within 24 hours after the 24 hours of the exam are complete. Please use our OSWA exam report template for your documentation, available at the following URLs:
While we cannot provide your exact exam score, you can use the point assignment outlined in the exam guide and exam control panel objectives to approximate your score.
Points are awarded for finding flags in the form of local.txt or proof.txt files; each flag is worth 10 points. Please also refer to the OSWA Exam Guide to make sure you meet the requirements.
You must obtain at least 70 points.
While you may use Discord as a resource for searching for information during the exam, under no circumstances are you permitted to seek or receive assistance from others on the platform. This includes, but is not limited to, asking for help, sharing exam-related information, or discussing any aspect of the exam with others.
Learners who wish to address any concerns or seek clarification regarding their results can initiate an appeal through our Challenges Department. To initiate an appeal, please contact us via email at "challenges AT offsec DOT com."
Upon receiving your appeal, our team will conduct a diligent review of your results. We understand the significance of a timely response, and we commit to providing you with an update promptly after we have reached a final decision on the matter. Please note that we strive to complete the review process within a maximum of ten (10) business days.
Certainly! You can request exam feedback if you have submitted your exam report to us and have insufficient points. Please contact us via email at "challenges AT offsec DOT com" and we will provide you with feedback within 10 business days.
Sqlmap, sqlninja, and similar tools are allowed on the OSWA exam. These tools are not required to pass the exam. If you choose to use them, you must still fulfill the documentation requirements in your report.
Please refer to the OSWA Exam Guide for more details on allowed and restricted tools.
Is Burp Suite Professional allowed on the exam? Can I use any Burp Suite Professional plugin on the exam?
Burp Suite Professional is allowed on the OSWA exam. Burp Suite Professional is not required to pass the exam. Additionally, plugins that do not perform any restricted actions are allowed on the exam. Any Burp Suite plugins used during the exam must be documented in your report.
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
All OSWA exams are now proctored. Please make sure to read our online FAQ.