Advanced Surfaces

Domain overview

Advanced surfaces are where offensive work becomes more architecture-aware. Cloud identity, API object models, mobile runtime control, federation, build pipelines, model-facing systems and industrial protocols all require different questions, tooling and reporting language from standard web or internal assessments.

Related certification context

These certifications map to parts of the specialist surface collected here.

• OffSec OSAI+ / AI-300Dedicated AI red teaming across LLMs, agents and AI infrastructure.
• OffSec OSWE / WEB-300Useful for API- and source-guided exploitation in complex web-backed systems.
• OffSec OSEP / PEN-300Useful for mature operator workflow where specialist targets intersect with internal operations.

Curated public references

• OWASP API Securityowasp.org/www-project-api-security/
• OWASP MASmas.owasp.org/
• OWASP API Security Top 10 2023owasp.org/API-Security/editions/2023/en/0x00-header/
• OWASP MAS · MASVSmas.owasp.org/MASVS/
• PortSwigger · JWTportswigger.net/web-security/jwt
• Frida Documentationfrida.re/docs/home/
• GitHub · MobSF / Mobile-Security-Framework-MobSFgithub.com/MobSF/Mobile-Security-Framework-MobSF
• Microsoft Learn · Exchangelearn.microsoft.com/en-us/exchange/
• PX4 Documentationdocs.px4.io/
• MAVLink Developer Guidemavlink.io/en/
• ArduPilot Developer Documentationardupilot.org/dev/

Domain index