BSG Web Application Pentester Training (BWAPT) is an online training program designed to teach web application penetration testing skills to web developers, QA engineers, and IT professionals. The program covers fundamentals of application security and web application pentesting, including modern web application vulnerabilities and attacks. The training fully covers OWASP Top 10 vulnerabilities and includes topics such as reconnaissance methodology, access control, server-side attacks (SQL injection, NoSQL injection, SSRF, SSTI, XXE), client-side attacks (XSS, CSRF), business logic flaws, cryptography, and security misconfigurations. The course spans eight lessons delivered live via Zoom, with approximately three hours per lesson and one lesson per week. All sessions are recorded and shared privately on YouTube for review. Students receive practical assignments to complete in interactive online labs throughout the course, with support from trainers available through a private Discord channel. Upon completion, students can attempt a final examination consisting of a real-world web application pentest with documentation and reporting requirements. All students receive a Certificate of Completion, while those who successfully pass the exam receive a Certificate of Achievement and BWAPT certified status. The program requires approximately 8 hours per week for lessons and homework.