OSWE
OffSec's web-exploitation cert. The deepest hands-on AppSec credential for source-aware testers.
OffSec's web-exploitation cert. The deepest hands-on AppSec credential for source-aware testers. Pursue if: You can read code and want depth in web exploitation. Avoid if: You're not comfortable with source-level review.
In context
This cert in isolation tells you very little. Here is where it actually sits. The pathways that use it, and the roles it realistically supports.
Recommended prior knowledge
- Strong web app testing experience
Common misconceptions
- It helps with senior appsec / code-review interviews. It does not unlock pentest or red-team roles by itself.
- OSWE alone clears HR filters; it doesn't replace shipped, documented work.
What this cert does NOT guarantee
- Pentest or red-team roles by itself
Practical skills that matter
- Senior AppSec / code-review interviews
- Bug-bounty credibility
The serious next step
A cert is a signal. A Career Verdict tells you whether the signal is worth sending.
A Career Verdict tells you whether this cert earns its place on your specific route, what it won't fix, and what to sit before or after it.
Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.