OSWE Syllabus Table

These topics are listed in the course syllabus, so they can be used during the exam:

| Auth Bypass | RCE |
| --- | --- |
| SQL Injection - Payloads | Deserialization |
| Persistent Cross-Site Scripting | Bypassing File Upload Restrictions |
| IDOR | SQL Injection RCE (Postgres UDF or Mysql copy to function) |
| Weak random token generator | XXE - Payloads |
| Type Juggling | XML Injection |
| Cross-Site Request Forgery - Payloads | SSTI - Payloads |
| Authentication Token/Cookie Manipulation | Prototype Pollution |
| - | JavaScript Injection |
| - | OS Command Injection |
