The OSWA certification exam simulates a live network, which contains several vulnerable systems. You need to exploit these machines and provide proof of exploitation. The objective of the certification challenge is to demonstrate creative thinking and success in penetration of the victim targets.
You will have 23 hours and 45 minutes to complete the challenge itself and further a 24 hours to submit your documentation.
The OSWA exam guide is available at the following link: OSWA Exam Guide
This is, of course, a very difficult question to answer. At a minimum, we recommend that you understand the majority of the concepts taught in the course and complete the challenge labs.
To learn how to schedule an exam, how to see the amount of time you have left before your exam attempt expires or understand how rescheduling an exam works, please visit our Important information about exam scheduling or Important information about exam scheduling in the Training Library article, depending on the environment you are studying in.
You must retrieve local.txt and proof.txt files and input them into your Exam Control Panel. In addition, you must include screenshots that prove access showing the content of these files inside your exam report.
You must document your attempts or attacks and send in your exam documentation within 24 hours after the completion of the 24 hours. Please use our OSWA exam report template for your documentation, available at the following URLs:
While we cannot provide your exact exam score, you can use the point assignment outlined in the exam guide and exam control panel objectives to approximate your score.
Points are awarded from finding flags in the form of local.txt or proof.txt files; each flag is worth 10 points. Please also refer to OSWA Exam Guide in order to meet with the requirements.
You must obtain at least 70 points.
Sqlmap, sqlninja, and similar tools are allowed on the OSWA exam. These tools are not required to pass the exam. If you choose to use them, you must still fulfill the documentation requirements in your report.
Please refer to OSWA Exam Guide for more details on allowed and restricted tools.
Is Burp Suite Professional allowed on the exam? Can I use any Burp Suite Professional plugin on the exam?
Burp Suite Professional is allowed on the OSWA exam. Burp Suite Professional is not required to pass the exam. Additionally, plugins that do not perform any restricted actions are allowed on the exam. Any Burp Suite plugins used during the exam must be documented in your report.
All exams have a cooling off period in between attempts. You can view additional details on the cooling off period here.
All OSWA exams are now proctored. Please make sure to read our online FAQ.