5.0★
- Training introduction and orientation.
- Web technology fundamentals.
- Penetration testing methodology.
- Configuring the testing environment.
- Introducing Burp Suite Proxy.
Become a certified web application pentester with our hands-on BWAPT course. Master ethical hacking, OWASP Top 10 vulnerabilities, and professional pentest tools. 2-month online program with certification exam.
Learn pentesting online with the BSG Web Application Pentester Training (BWAPT) program. This pentesting course helps web developers, QA engineers, and IT professionals obtain ethical hacker skills and start a career in cybersecurity, penetration testing, or bug hunting.
BWAPT teaches fundamentals of application security and web application pentesting. The program covers modern web application vulnerabilities and attacks and fully covers OWASP Top 10. Students get practical assignments in the online labs through the course. After completing the study, the students can attempt the final examination and get a BSG Web Application Penetration Tester certificate.
The training course spans over eight lessons, about three hours each. The students have one lesson per week. Classes are taught live in Zoom by the BSG pentesting experts who focus on the related topics. We record all lessons and privately share them on YouTube for your review if you miss a class.
Our tutors assign students the tasks to solve in the online labs throughout the course. The assignments vary from topic to topic and aim at strengthening the students’ understanding of the material. Tutors guide and support the students in their homework and remain available in a private Discord channel throughout the course.
The course exam is a real-world web application pentest. In the end, students document their findings and prepare an industry-grade pentest report. All students get an attendance certificate and an opportunity to pass the final exam and get a certificate of achievement. Those who successfully pass the exam are awarded a BWAPT certified status.
Intermediate
April-May 2023
8 hours per week for lessons and homework
Online classes in Zoom
Private videos on YouTube.
Practical tasks in the interactive online labs
Certificate of Completion to all students, Certificate of Achievement after successfully passing the exam
Private Discord chat to interact with trainers during and after the course
Practice on vulnerable web applications with real vulnerabilities—SQL injection, XSS, CSRF, and more—in safe lab environments.
Earn the BSG Web Application Penetration Tester certificate after passing a realistic pentest exam with professional reporting.
Taught by OSCP and OSEP-certified penetration testers who find vulnerabilities in production applications every week.
Designed to qualify you for junior pentester roles or bug bounty hunting—practical skills employers actually look for.
Evening classes compatible with work or studies. All sessions recorded on YouTube so you never miss a lesson.
Join our Discord server for ongoing support from instructors, networking with other students, and career guidance after the course.
Practice on vulnerable web applications with real vulnerabilities—SQL injection, XSS, CSRF, and more—in safe lab environments.
Earn the BSG Web Application Penetration Tester certificate after passing a realistic pentest exam with professional reporting.
Taught by OSCP and OSEP-certified penetration testers who find vulnerabilities in production applications every week.
Designed to qualify you for junior pentester roles or bug bounty hunting—practical skills employers actually look for.
Evening classes compatible with work or studies. All sessions recorded on YouTube so you never miss a lesson.
Join our Discord server for ongoing support from instructors, networking with other students, and career guidance after the course.
Berezha Security conducted effective training sessions. They demonstrated various penetration testing tools to great success, so our team is now familiar with new frameworks. The Berezha team was responsive and communicative; it's comprised of professional experts who know their field well.
The audience remained highly engaged during the workshop. The trainer's delivery radically differed from what we expected based on previous experience with CBT security awareness courses. As a result, the audience learned a lot and was able to clear out every pre-existing ambiguity in the corporate security requirements and countermeasures with a professional third-party expert.
Internal development teams are now successfully implementing the skills they learned from Berezha Security. The specialists maintained an excellent communication style throughout the sessions. The training covered practical secure coding techniques that our developers could apply to real projects immediately.
We assign classes to the BSG experts who know the related topic the best. All our trainers have day-to-day hands-on experience in web application penetration testing and hold prestigious professional certificates. Besides that, they have vast public speaking experience at cybersecurity conferences and deliver the best training experience.
BWAPT trainers are experts with day-to-day hands-on experience in web application pentesting projects which hold top industry certifications. An expert who is the best fit for the topic teaches it to students.
Besides their technical skills, our trainers deliver the best training experience. We provide corporate training, give practical workshops, arrange webinars, and speak at cybersecurity conferences. Our trainers are at the core of the OWASP Kyiv chapter and NoNameCon – Ukraine’s largest professional cybersecurity conference.
Security Consultant, Training Lead
OSCP, Burp Suite Certified Practitioner, eWPTX, eMAPTPenetration tester. CTF game master. OWASP Kyiv chapter leader.
Serhii is an information security professional with vast experience in Application Security and Penetration Testing. He holds industry-recognized certifications including OSCP, Burp Suite Certified Practitioner, eWPTX, and eMAPT, demonstrating comprehensive expertise across web and mobile application security. He manages the full spectrum of appsec and pentesting engagements in the BSG portfolio.
As the BSG Training Lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presented and volunteered at BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among many others.
Serhii is fond of sports videogames and loves riding the drone and taking footage of his picturesque travels.
Security Consultant OSCP, eWPTX
Penetration tester.
Security trainer.
OWASP Kyiv chapter leader.
Kyrylo is a cybersecurity consultant specializing in web and mobile Application Security analysis, wired and wireless network Penetration Testing, and Social Engineering security assessments.
His passion for cybersecurity developed from his dedication to technical disciplines and a superpower of accumulating practical knowledge in astronomical amounts. Kyrylo is a talented trainer, and he contributes to the cybersecurity community by volunteering at OWASP Kyiv, OWASP Ukraine, NoNameCon, and other professional movements.
Security Analyst BWAPT
Penetration Tester.
Professional community volunteer.
Roman is a cybersecurity engineer who holds the BWAPT (BSG Web Application Penetration Testing) certification and focuses on the technical aspects of Penetration Testing, Application Security, and Social Engineering assessments.
Roman is working hard to develop his network pentesting skills and trains for the OSCP course and exam in the Hack The Box playground. Meanwhile, he has started sharing his knowledge with the community as the best way to learn something by trying to teach it.
Roman is a dedicated professional events volunteer and a hobbyist basketball player.
Co-founder & COO CISSP
BSG services, operations, and quality leader.
IT auditor and cybersecurity consultant.
Andriy is an accomplished manager with 10+ years of experience in various industry verticals. He has started his IT audit and consulting career and continued in enterprise IT and custom software development services.
Andriy has experience in leading customer relationships within the US, UK, and Western Europe geographies, responsible for distributed teams and permanent engagements of different scales.
Andriy has stood at the root of the Ukrainian cybersecurity professional community and has joined BSG to advance his contribution to the cybersecurity industry's development.
At BSG, Andriy acts the Chief Services Officer and a security consulting practice lead.
Our team holds the industry's most demanding security certifications, independently validating expertise in penetration testing, application security, cybersecurity consulting, and red team operations.
OSEP
Offensive Security Experienced Penetration Tester
CISSP
(ISC)2 Certified Information Systems Security Professional
OSCP
Offensive Security Certified Professional
CISA
ISACA Certified Information Systems Auditor
CRTP
Certified Red Team Professional
CRTE
Certified Red Team Expert
Burp
Burp Suite Certified Practitioner
eWPTX
INE Security Web Application Penetration Tester eXtreme
eMAPT
INE Security Mobile Application Penetration Tester
eCPPT
INE Security Certified Professional Penetration Tester
CEH
EC-Council Certified Ethical Hacker
We are not afraid to share our knowledge. In fact, as part of our mission, we teach ethical hacking. One might say we do it for money; others suspect this is how we find and train new employees. But we just love what we do and wish others could do and enjoy it too.
After completing the course and successfully passing the exam, you will fully qualify for a junior Penetration Tester position. Alternatively, you could start in cyber security bug bounty hunting.
The BWAPT online training course lasts for two months. The coursework consists of one three-hour class per week and the homework in the online labs. The weekly load varies between 5 and 8 hours based on the student’s level of prior knowledge.
Yes. This course includes an examination: a realistic pentest of a test web application with real vulnerabilities in a virtual lab. After the certification exam, you will prepare a report of your findings. Your grade will depend on the report’s completeness and quality.
Yes. You will get a certificate of attendance at the end of the course. After successfully passing the certification exam, you will earn a certificate of achievement and the BSG Web Application Penetration Tester (BWAPT) title.
Yes. We have classes starting at 18:00 and finishing around 21:00 on Tuesdays (EET). We record the lessons and share them privately on YouTube for you to watch them later if you miss the class. You will also be able to revisit the videos before and during the exam.
Yes. However, we recommend starting the course with a basic understanding of HTML, JavaScript, SQL, and HTTP. If you have experience in IT or related fields – it will help a lot. We will teach all security topics in the class.
The web penetration testing online classes are available in English or Ukrainian, depending on the current group preferences. English is required to deal with documentation and online labs.
BWAPT is an online training course. You take classes in Zoom and have access to the online labs from wherever you want. All classes are being recorded and remain available to you on YouTube.
Yes. We will add you to a Discord server for all out-of-class communications with tutors and other students. You can use this server to get help from the training team and network with other security enthusiasts.