Web Application Pentester Training

Berezha Web Application Penetration Tester training is a professional program aimed at building and improving your application security testing skills. 


What will you learn?

The Berezha Web Application Pentester Training program covers the body of knowledge that is required to become a professional in web application security testing.

Berezha experts who excel in specific areas teach the corresponding topics. The lessons combine theoretical background with practical hands-on training in the labs.

After completing the training, all students obtain an attendance certificate. Those who successfully pass the final test get a completion certificate.

Training Schedule

  1. Environment configuration: pitfalls, tips & tricks
  2. Reconnaissance methodology, tools & hacks
  3. Server-side attacks: SQLi, SSTI, SSRF, XXE, LFI, etc.
  4. Client-side attacks: XSS, CSRF, etc.
  5. Web service & API (in)security
  6. Access control, session management & authorization
  7. Business logic flaws & vulnerabilities
  8. Security misconfiguration: environment, headers & beyond
  9. Web sockets as an attack vector
  10. Crypto & the web
  11. Deep dive into XSS, SQLi & GraphQL flaws
  12. IoT security basics
  13. Cloud security basics
  14. Reporting, risk management & communications


What should you already know?

For the training to be effective, students must have certain prior knowledge about web application technologies. We expect all students to be familiar with the following:

  1. HTML: you should know different markup tags and their meaning.
  2. JavaScript: there is no need to be an expert for this course, but you should know the basics. If you can pop up an alert(), you are good to go.
  3. SQL: again, only the basics; we will teach the rest. If you know how to use the main verbs like SELECT, that’s about it.
  4. HTTP: know the protocol structure and its main elements, such as headers, cookies, request types, and (roughly) response codes.

If you are ready to join one of our groups, register now. Our representative will contact you soon with training schedule options and all required paperwork.


What is the training price?

The training price is 22,000 UAH (VAT excluded).

  1. If paid in full upfront, the cost is 20,000 UAH.
  2. The payment schedule is 50/50: a 50% advance payment before the training starts, and a 50% payment before it is half-over. If you require a more flexible payment schedule, we can discuss it further.
  3. We distribute promo codes at OWASP and NoNameCon events. Ask around, maybe someone you know already has one.
  4. Daytime students of Ukrainian academic institutions and high schools get a 25% discount off the agreed price.
  5. In line with our social responsibility goals, we offer a 40% discount for former Ukrainian military personnel who are willing to start a career in Application Security.

If you feel that the above list is incomplete and you are in a position to get a discount, please let us know.


Who teaches the course?

The training is taught by Berezha Security professionals who have day-to-day hands-on experience in web application security and penetration testing, and hold the best penetration testing certifications themselves.

Each topic is presented by an expert who is the best fit for it. There is a person in each team who knows more about something than everybody else. We make sure that each training session is held by a trainer who we all learn from.

Besides the technical expertise, our trainers have the best presenting and training experience. We do corporate training and provide practical workshops in Berezha Security projects and beyond. We arrange webinars, speak at security conferences, and organize them too. All of us are somehow involved in the OWASP Kyiv chapter and the organization of NoNameCon – a practical security conference in Kyiv, Ukraine.

Register for training

Call Us

+1 (315) 303 2323
+380 (44) 364 7336


6 Nimanska St., 41, Kyiv, Ukraine 01103


77 Sichovykh Striltsiv St., Kyiv, Ukraine 
