thomfre.dev@home:~$

Yet another development, infosec and offensive security blog

My OSWE experience

I’ve had my eyes in the AWAE course for several months, and initially thought it would be too difficult for me to do this year. But then I just decided to give it a try!

Note: This blog post is very low quality compared to the one I wrote about My OSCP experience, I encourage you to go read An experience leading up to Offensive Security Web Expert by loca1gh0s7, which was my inspiration for starting on this journey.

My advice

Pre-AWAE advice

This is not a beginner certification. Unless you already work as a developer, you should really look into some basic coding before attempting this course.

AWAE advice

  • As with the other OFfensive Security courses, read all of the PDF!
  • Take notes (I recommend Markdown in VS Code)
  • Do the exercises and write down your steps (good training for the exam report, and nice to have later)
  • Do the extra miles
  • Use the latest Kali, or whatever Linux distro you prefer
  • Do not treat this as a “Code Review Certification”, this is a penetration testing certification, with a white box focus

Exam advice

  • Schedule your exam as soon as possible
  • Schedule the exam for a time slot that best fits you
  • Use the provided report template
  • Keep it simple
  • Take notes and screenshots (make sure you get the required screenshots!)
  • Do not treat this as a “Code Review Exam”! This is a penetration testing certification, use the code to your advantage, but also use your regular penetration testing techniques

My background

I’ve been a hobby coder since I was 10, and a professional developer for a long time. That background did without a doubt help me a lot on this certification.

Pre-AWAE

I finished the entire eLearnSecurity Web Application Penetration Tester Training Path before starting on AWAE. The certifications are very different in some ways, but that clearly helped me prepare for this.

AWAE

This was my 7th certification in less than 8 months, and I started the AWAE course during the summer. This made me a lot less focused than I was during the other courses/certifications, and I ended up not finishing all the exercises. I instead focused on the ones I thought would be most beneficial to me.

The AWAE update was released the same day as I submitted my exam report, but Offensive Security was nice enough to give all existing students a free upgrade.

If I had taken this course earlier, I would have spent a lot more time on the extra miles. And I might revisit them later, at least the ones I can work on without access to the labs.

OSWE Exam

The OSWE exam is hard, as it should be. But 48 hours is plenty of time, as long as you remember to take breaks, sleep and eat.

I managed to get all the exam objectives. Even though I got stuck a couple times, this exam was mostly fun and exciting.

By far my favorite exam!

The (not so) long wait

I was used to waiting for exam results by now, but this one wasn’t nearly as long as the previous ones. Only a couple days later, I got the confirmation that I had passed!

Time spent

I decided that I wanted to track all the time I spent doing the course and the exam, so I have very accurate numbers of how much time I used.

Total hours spent: 63

Task Hours spent
Notes, preparation, etc. 3 hours, 11 minutes
Study (PDF) 12 hours, 36 minutes
Study (Videos) 8 hours, 23 minutes
Exercises/Labs 5 hours, 41 minutes
Extra miles 4 hours, 19 minutes
Exam 24 hours, 14 minutes
Exam Report 4 hours, 45 minutes

My timeline

  • April 23rd, 2020: AWAE Ordered
  • May 17th, 2020: Course material received
  • June 6th, 2020: Course started
  • July 12th, 2020: Exam started
  • July 13th, 2020: Exam done
  • July 14th, 2020: Exam report submitted
  • July 14th, 2020: AWAE Update released, and received!
  • July 16th, 2020: Exam result received, delivery address submitted