10 hours per week, including the lessons
Online classes, privately recorded on YouTube
Build your web application security testing skills with our professional training program. Hack into your cybersecurity career!
Learn the offensive security fundamentals with the BSG Web Application Pentester Training (BWAPT) program. We have created this course to help software developers, QA engineers, and IT professionals obtain ethical hacking skills and even start a cybersecurity career.
The BWAPT program is split into two units: basic and advanced. First, the Basic course teaches application security and web pentesting fundamentals. Then, the Advanced course is a series of deep dives into complex and modern attacks on web apps. Through both courses, students have practical assignments in the freely available online labs. After completing both training units, the students are accepted to the final examination and get a chance to obtain the BSG Web Application Penetration Tester certificate (BWAPT).
10 hours per week, including the lessons
Online classes, privately recorded on YouTube
Practical tasks in the interactive online labs
Certificate of Completion to all students
Certificate of Achievement after successfully passing the exam
Private chat group to interact with trainers during and after the course
The BSG Web Application Pentester Training program covers the skills required to start a web application security career.
You will benefit from this course if:
The training course spans over 13 lessons, about three hours each. The students have two classes per week. Classes are being recorded and remain available on YouTube, so you can review them if you missed a class. Our tutors are the BSG pentesting experts focusing on the corresponding areas.
Throughout the course, our tutors assign students the tasks to solve in the online labs. The assignments vary from topic to topic and aim at strengthening the students’ understanding of the material. Tutors guide and support the students in their homework.
The course exam is a week-long real-world web application pentest. In the end, students document all findings and prepare an industry-grade pentest report. All students get an attendance certificate, but only those who accomplished both units of this course can pass the final test and get a certificate of achievement.
As part of our mission, we teach others how to pentest. One might say, we do it for money, others suspect this is how we find and train new employees. But in fact, we just love what we do and wish others could do and enjoy it as well.
We expect all our students to be familiar with the following:
You should know the markup tags (A, INPUT, SCRIPT, etc.) and how to use them.
There is no need to be an expert, but you should know the basics. If you can pop-up an alert(), you are good to go.
Only the basics, we will teach you the rest. You should know how to use the main verbs like SELECT or INSERT.
You should know the protocol structure and its main elements, such as headers, cookies, request types, and (roughly) response codes.
Introduction to application security and penetration testing.
Reconnaissance and enumeration
Server-side attacks. Part 1
Server-side attacks. Part 2
Crypto and the web
Attacks on web services
Deep dive in client-side attacks
Deep dive into injection attacks
Pentesting the cloud
Reporting, risk management, and negotiations
We assign classes to the BSG experts who know the related topic the best. All our trainers have day-to-day hands-on experience in web application penetration testing and hold prestigious professional certificates. Besides that, they have vast public speaking experience at cybersecurity conferences and deliver the best training experience.
Your trainers are the experts who have day-to-day hands-on experience in web application security and penetration testing and have top industry certifications. An expert who is the best fit for the topic teaches it to students.
Besides their technical skills, our trainers provide the best training experience. We provide corporate training, give practical workshops, arrange webinars, speak at cybersecurity conferences, and organize them. Our trainers are at the core of the OWASP Kyiv chapter and the NoNameCon – Ukraine’s largest professional cybersecurity conference.
Security Consultant, Training Lead
Serhii is a cybersecurity pro with vast experience in both Application Security and Penetration Testing. He manages the full spectrum of appsec assessments and penetration tests from the BSG portfolio.
As a training lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presents and volunteers at various events, BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among others.
Serhii is fond of sports videogames and loves riding the drone and take footage of his picturesque travels.
Kyrylo is a cybersecurity consultant specializing in web and mobile Application Security analysis, wired and wireless network Penetration Testing, and Social Engineering security assessments.
His passion for cybersecurity developed from his dedication to technical disciplines and a superpower of accumulating practical knowledge in astronomical amounts. Kyrylo is a talented trainer, and he contributes to the cybersecurity community by volunteering at OWASP Kyiv, OWASP Ukraine, NoNameCon, and other professional movements.
Anatolii is an information security professional who got bored with security management and compliance and transformed into a practical cybersecurity expert.
In the BSG team, he leads Penetration Testing and Application Security projects and consults customers on issue remediation.
Anatolii demonstrates a strong expertise in Web Application, Cloud Infrastructure, and Network security. He is an athlete and long-distance runner, and he never stops learning and sharing his knowledge at cybersecurity conferences.
Application Security Lead
Ihor Bliumental is a world-class application security expert and one of the most successful bug-hunters globally. He was named the BugCrowd MVP multiple times and submitted around 150 vulnerabilities within bug bounty programs of global brands such as MasterCard, Netflix, Upwork, Tesla, and others.
At BSG, Ihor leads, plans, and coordinates all our security assessment projects and coaches the teammates on various cybersecurity aspects.
He is a compulsive book reader and a professional intellectual games team captain.
Co-founder & CEO
Vlad Styran is an internationally known cybersecurity professional with 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness. He currently holds OSCP, CISSP, and CISA credentials and was certified as C|EH, ISO27001LA, and many more throughout his career.
Vlad is a co-founder of the OWASP Kyiv chapter and the NoNameCon cybersecurity conference. He is a notable blogger, podcaster, and conference speaker.
At BSG, Vlad is responsible for our growth and customer experience. His involvement allows us to deliver first-rate cybersecurity consulting services in software security, cybersecurity awareness, cybersecurity strategy, and security investment.
We made this course for those who interested in learning:
Yes! This course includes a week-long exam in the virtual lab. An examination task is a real-world web application penetration test scenario. You will get access to a personal test web application that has real security vulnerabilities. After a week in the lab, you will prepare a report that describes all your findings. Your grade will depend on the completeness of results and the report's quality.
Yes! You will get a certificate of attendance at the end of the course. After you successfully pass the final exam, you will earn a certificate of achievement and the BSG Web Application Penetration Tester (BWAPT) title.
The coursework consists of two three-hour classes per week and the homework in the online labs. From experience, we can say that based on the student’s prior knowledge level, the weekly load varies between 10 and 14 hours.
Yes! We usually have classes starting at 16:00 and finishing around 19:00 on Tuesdays and Thursdays. We record the lessons and share them privately on YouTube, so you can watch them later if you miss the class. You will also be able to revisit the videos before and during the exam.
We teach primarily in Ukrainian. Basic English is required to deal with documentation and online labs.
This training course is entirely remote. You take classes in Zoom and have access to the online labs from wherever you want.
Yes! We will add you to a Discord server for all out-of-class communications with tutors and other students. You can use this server to get help from the training team and network with other security-minded people.
After completing the coursework and successfully passing the exam, you will be qualified to take a junior penetration tester position or start a security bug bounty hunter career.