We are glad to mention that the first open Web Application Security Pentester Training, provided by Berezha Security, has finished. Although we conducted a dozen tailored corporate AppSec training sessions before, this was the first open group for everyone to register and participate. The number of people willing to sign up turned out to be higher than we expected. So, the 15 available seats disappeared almost instantaneously.

The training program is designed for the audience without prior application security background and starts from the basics. The first run consisted of 14 online lessons and one bonus lesson, where we discussed the topics requested by the group. The agenda covered general AppSec concepts, approach to reconnaissance, server-side and client-side attacks, deep dives into some vulnerability classes, business logic flaws, testing web service API, IoT specifics, cloud security basics, and advice on proper reporting of the findings. During the whole course, Berezha Security trainers were available for assistance in homework tasks and related questions. The training videos were recorded and available to students throughout the course. The training ended with a comprehensive practical exam, and at the moment, six students have successfully passed it.

We got plenty of questions and positive feedback and are glad to have such an active and engaged group of pioneers. Today we are happy to announce the second edition of the online training, which we plan to start on the 14th of September. Please contact us to find out more and register.