OSWE Exam review “2020” + Notes & Gifts inside!

@bumika said:
Thank you for the detailed description and congratulations! How can I imagine a proctored exam in 48 hours? Do they follow my activity through a camera?

It is very similar to OSCP, if you’ve taken that. Basically they watch you through webcam and view your screen, to ensure that you are the one doing the work, and not someone else. It goes on for the whole 48 hours.

I took OSCP in the pre-proctored era. I hope sleeping is not a subject of visibility. :slight_smile:

How long did you wait for results after the exam?

@bumika
Well, you can take short/long breaks. I didn’t go through proctoring since I covered it in my OSCP review.

@martin59
Around 5 days.

I have both Sec+ and CISSP. I would say skip the Sec+ and go for CISSP. CISSP has everything Sec+ has and more. CISSP is a beast in its own right, you have to learn the rules in ISC2’s reality. Think like a high level boss in terms of how to defend everything, including stupid employees who write their password on a notepad and leave it on the subway. Even if you stay as a pen tester for life, CISSP helps you see the big picture so you never have to ask why am I doing this, or who does this affect?

@squirrelpizza said:
I have both Sec+ and CISSP. I would say skip the Sec+ and go for CISSP. CISSP has everything Sec+ has and more. CISSP is a beast in its own right, you have to learn the rules in ISC2’s reality. Think like a high level boss in terms of how to defend everything, including stupid employees who write their password on a notepad and leave it on the subway. Even if you stay as a pen tester for life, CISSP helps you see the big picture so you never have to ask why am I doing this, or who does this affect?

Thanks for the feedback… check dm…

Congrats! I’m going to be taking this one in a couple of weeks.

First of all congratulations!

As a fellow OSWE holder I disagree with your assessment that the course doesn’t cover vulnerability discovery enough, I actually found it was quite good.

They give you all the tools needed to find vulnerabilities and the extra miles are really good at making you go through things and create your own methodology for vulnerability discovery.

I also don’t think the course should dive into blackbox testing, it’s meant to be a whitebox testing course.

I do agree that the course could use more extra miles and a tweak to a certain one…

More languages is probably not needed since it covers the more common languages for web development, but more challenges would be nice.

Just my opinions to offer some counter points :smiley:

Hope to have a go at your box when it’s out!!!

Some boxes to practice with

@s0j0hn said:
Some boxes to practice with
NetSecFocus Trophy Room - Google Drive

These boxes are for OSCP, not OSWE.
You may mention them in my OSCP review.

@21y4d said:

@s0j0hn said:
Some boxes to practice with
NetSecFocus Trophy Room - Google Drive

These boxes are for OSCP, not OSWE.
You may mention them in my OSCP review.

There is a tab for OSWE at the top

@s0j0hn said:
@21y4d said:

(Quote)
There is a tab for OSWE at the top

Oh, I see… Yeah, some of them are the same boxes mentioned above.

I must mention that they contain parts that might be useful for OSWE, but unfortunately I couldn’t find any with whitebox testing vectors.

Hopefully sourceCode will be dedicated for this area, once it goes live.

Thanks for sharing

Thanks for this detailed review. I am rather interested in this exam, since it would be a good fit for my day job as a developer. Do you think/know if OSCP is required for this exam?

@dnperfors said:
Thanks for this detailed review. I am rather interested in this exam, since it would be a good fit for my day job as a developer. Do you think/know if OSCP is required for this exam?

You can definitely go directly to OSWE, since there are no prerequisites to this course. I think it would also be good for you, since OSWE is also aimed towards developers.

However, I must note that OSWE is an advanced course, so you must have good knowledge in web exploitation. If you do take and pass OSCP, and then complete the areas I mentioned in the study plan above, then you are good to go.

Thanks, I already planned to look at several boxes, including the ones mentioned in the link. After studying those, I can always decide whether or not I am confident enough to start…

If anyone took OSCE with any of “GXPN, OSEE, PACES”, I would love to hear your feedback on how to prioritize them, and which ones aren’t necessary.

Thank you so much for the detailed review, it’s probably the best one for the OSWE so far.

But I still have some questions, as you mentioned before that you took some courses in web development, and you did not go very deep in each, but after reading the whole review, it gives the implication that you have to be an expert in the mentioned languages, or at least called a developer in that certain language, that you can read and write anything. Is this true?
And can you please recommend any courses (URLs) that helped you in learning those languages?

@ASD0 said:
Thank you so much for the detailed review, it’s probably the best one for the OSWE so far.

But I still have some questions, as you mentioned before that you took some courses in web development, and you did not go very deep in each, but after reading the whole review, it gives the implication that you have to be an expert in the mentioned languages, or at least called a developer in that certain language, that you can read and write anything. Is this true?
And can you please recommend any courses (URLs) that helped you in learning those languages?

What I meant is that you wouldn’t have to become an expert in each language, but you have to be able to read its code, understand its web functionality, and be able to write some code in it, in case you have to modify any of the code. So you should be able to develop things in it, but by no means do you have to become an expert developer in each.

Other than the courses I mentioned above, you can either search YouTube for introductory courses, or you can take a web development course in that language from Udemy.

For those interested, I have just done Smasher2, and I think the user part is an excellent example and practice for the OSWE exam.

@s0j0hn said:

@21y4d said:

@s0j0hn said:
Some boxes to practice with
NetSecFocus Trophy Room - Google Drive

These boxes are for OSCP, not OSWE.
You may mention them in my OSCP review.

There is a tab for OSWE at the top

Take a look at this on:

@21y4d May I ask your thoughts about it?