26/07/2022
From Unknown to Have Something (OSWE)
Hi all here i will share my journey to become an “OSWE” certified holder
Hi everyone, Today i received that i passed the oswe exam, ok let’s jump into the what is my steps and how i tackle the oswe module and lab.
Pre OSWE
Before i enroll, i also know the oswe design to identify vulnerability on source code level and also need to automated the exploitation process. you can view the course prerequisites here.
The prerequisites look like we need to know atleas one programming language to automated our exploitation process.
My steps and Journey
1st steps
Before enroll i starting to learn programming language like PHP (Object-oriented programming) OOP i learn from Edvin Diaz. This course will teach you how to create a web application using oop style and also include the CRUD part.
2nd steps
I completed my learning, then what i’m doing started to create one vulnerable web application for practice my writing code skill and also i created containts vulnerability like below.
- SQL Injection
- File Upload
- Cross site scripting (XSS)
- Open Redirect
3rd steps
I understand the code and how the function call inside the function and outside the function and also i know the sql query work. Then i try to learn http request in python3 from here python3 request. After i learn the python requests i try to create one scripting code to perform Authentication like below :).
My first scripting code xD
4th steps in the lab oswe
When i got access the lab and material i started to reading the material and started to approach slow by slow don’t need to rush. I started watch the video and read the pdf when i dont understand what inside the video i try to read slow by slow in the pdf and at the same time i started doing the lab machine. After almost complete the lab i started to solve the extra miles on every chapter but unfortunately i’m not able to complete all extra miles just complete 45% over 100%. Beside that, i also practice my scripting code using python3 because in module you will learn python2 so you need to convert the exploit code to python3. My approach in weekday trying to read the pdf and watch the video on weekend i started to solve the challenge inside the module because on weekend i can spent for 10-11 hours for study and practice my scripting and automation.
In the lab offsec will give you 3 machine to perform source code review without solution i’m able to complete 1 machine and able to write full exploit code for that machine.
Tips And Tricks
- Understand what is inside the function.
- Understand the sql query example you need to know string and int variable inside the sql query.
- Enable the SQL error log when perform debugging.
- Familiar your self which GetMapping, PostMapping, doGet , doPost, doPut, doCopy , doDelete, doOptions.
End
Thanks you for your time reading this post!.
Credits
Special thanks to my friend who supporting me when i’m doing this certification and also thanks to jlx.
without you guys, I won’t be able to reach this far.