Web Application Pentester Training

Build your application security testing skills with our professional training program. Hack into your cybersecurity career!

Training Program

The Berezha Web Application Pentester Training program covers the knowledge required to become a professional in web application security testing.

The training consists of 14 lessons, and there is a potential for a bonus lesson in each group of students. The course covers both the theoretical background and the hands-on practice in the labs.

The course exam is a real-world web application security pentest that lasts for 7 days and ends with an industry-grade report. All students get an attendance certificate, but only those who complete the final test get a certificate of achievement.

Training Schedule

  1. Configuring the environment, common pitfalls, tips, and tricks.
  2. Reconnaissance methodology, tools and hacks.
  3. Testing for server-side attacks: SQLi, SSTI, SSRF, XXE, LFI, etc.
  4. Testing for client-side attacks: XSS, CSRF, etc.
  5. Web service & API security testing.
  6. Access control, session management & authorization.
  7. Architecture and business logic flaws and vulnerabilities.
  8. Security misconfiguration: environment, headers, and beyond.
  9. Web sockets as an attack vector.
  10. Crypto (as in cryptography) and the Web.
  11. Deep dive into XSS, SQLi & GraphQL flaws.
  12. Internet of Things security testing.
  13. Testing security in the Cloud.
  14. Reporting, risk management, and communications.

Prior Knowledge

We expect all our students to be familiar with the following:

  1. HTML: you should know different markup tags (A, INPUT, SCRIPT, etc.) and how to use them.
  2. JavaScript: there is no need to be an expert, but you should know the basics. If you can pop-up an alert(), you are good to go.
  3. SQL: again, only the basics; you will learn the rest. If you know how to use the main verbs like SELECT or INSERT – that’d be enought.
  4. HTTP: know the protocol structure and its main elements, such as headers, cookies, request types, and (roughly) response codes.

If you are ready to join one of our student groups, register now.

Training Price

The course price is 22,000 UAH (VAT excluded).

  1. If paid in full upfront, the cost is 20,000 UAH (ex VAT).
  2. Another payment schedule option is 50/50: a 50% advance payment before the training starts, and a 50% payment before it is half-over.
  3. The daytime students of Ukrainian academic institutions and high schools get a 25% discount.
  4. In line with our social responsibility goals, we offer a 40% discount for the former Ukrainian military personnel who are willing to start a career in cybersecurity.

If you feel that the above list is incomplete and you are in a position to get a discount, please let us know.


Your trainers are the experts who have day-to-day hands-on experience in web application security and penetration testing and have top industry certifications. An expert who is the best fit for the topic teaches it to students.

Besides their technical skills, our trainers provide the best training experience. We provide corporate training, give practical workshops, arrange webinars, speak at cybersecurity conferences, and organize them. Our trainers are at the core of the OWASP Kyiv chapter and the NoNameCon – Ukraine’s largest professional cybersecurity conference.

Demo Lesson

Register for training

Call Us

+1 (315) 303 2323
+380 (44) 364 7336


6 Nimanska St., 41, Kyiv, Ukraine 01103


77 Sichovykh Striltsiv St., Kyiv, Ukraine