This is arguably the best free resource available. Focus heavily on the "Advanced" topics, specifically Server-Side Template Injection (SSTI), Insecure Deserialization, Prototype Pollution, and XML External Entities (XXE).
Beyond the Checkbox: The Strategic Value of the OSWE Certification and Study Materials offensive security web expert -oswe- pdf
Do you need help finding to practice white-box code review before buying the course? This is arguably the best free resource available
|