Training Courses
One of ogSec’s primary goals is to develop comprehensive, high-quality cybersecurity training materials that go beyond merely listing vulnerabilities or misconfigurations to check for. Our mission is to equip you with the practical experience and insights we’ve gained over more than a decade of real-world consulting. We aim to help you elevate your consultancy and testing skills by teaching you how to approach complex, real-world assessments with confidence.
Rather than focusing solely on technical issues, we emphasise the importance of understanding the broader context—why things are the way they are and what the findings mean for your clients. We want you to feel empowered not only in identifying risks but also in communicating those risks clearly and effectively to your clients. Our training will leave you well-prepared to explain the results of your assessments with confidence and precision.
Code Review & Architecture Fundamentals
This course series is designed for those with a keen interest in application security who are looking to enhance their testing capabilities and tackle more complex assessments.
This course series provides you with all the essential tools needed for successful assessments, including comprehensive scoping and preparation techniques, pre-assessment threat modelling to prioritise critical areas, and the knowledge to thoroughly review a web application’s architecture (coming soon) and code implementation (coming soon). By completing these courses, you will be equipped with the skills necessary to conduct in-depth assessments that add real value to your clients and your security practice.
Follow the "More Info" links below to get more information about the courses, a breakdown of the syllabus and any prerequisite requirements. Please also see our refund policy here.
Common Technologies
This short course is designed to equip you with essential knowledge of the common technologies encountered in code and architecture reviews for web applications. Having a foundational understanding of these technologies and their purposes will help contextualise code and architecture, enabling you to grasp how data flows, is processed, and stored within these systems. With this insight, applying security principles to these technologies allows you to identify potential attack paths, misconfigurations, and vulnerabilities.
More Info Buy Now
Assessment Prep
When performing a code or architecture review assessment, many people are eager to dive straight into the implementation to uncover impressive findings. While this approach can certainly yield strong results, proper preparation enhances clarity and focus, ensuring all areas of the solution are thoroughly covered. Investing time before or at the very start of the assessment to establish a solid baseline of knowledge will significantly improve the quality and effectiveness of your assessments.”
Base Price: £75 — Total: £90 (inc. VAT)
Note: Tax is calculated according to your country of residence. Click ‘Buy Now’ to view the final price, including applicable taxes.
More Info Buy Now
Threat Modelling
Threat modelling can be a valuable part of the development process, helping to anticipate potential vulnerabilities and misconfigurations before they arise. However, it also becomes a powerful tool for prioritising targets during an assessment. Building on insights gathered in the assessment preparation, this course demonstrates how to apply your knowledge to identify and assess threats impacting the solution you are reviewing.
While the course provides instruction on threat modelling, its true goal is to encourage a shift in perspective—thinking about threats differently and adopting a fresh mindset toward testing. Instead of focusing solely on vulnerabilities to test, you’ll learn to consider avenues of attack that target a solution’s most critical assets.
Base Price: £75 — Total: £90 (inc. VAT)
More Info Buy Now
COMING SOON - Architecture Security
This course builds on the knowledge gained during assessment preparations (and potentially through threat modelling) to analyse key aspects of architecture security for web applications. This technical course explores various architectural concerns, with lab environments provided to demonstrate vulnerabilities and misconfigurations in action. We’ll also examine architectural issues that can arise within code, as well as in deployment and configuration practices.
COMING SOON - Implementation Security
This course offers an in-depth guide to conducting code review assessments for modern web applications. Rather than simply listing vulnerability types, it focuses on various approaches and concepts that will enhance your code review skills. You’ll learn methods that go beyond static analysis or superficial code inspection, equipping you with a structured, thoughtful approach to identifying and assessing security risks.
The Art of Report Writing
Our report writing course is a comprehensive training course developed in partnership with Zero-Point Security, aimed at sharpening the essential skills needed for creating professional, impactful reports. Drawing from over a decade of experience in high-profile security assessments, this course focuses on improving your ability to craft detailed and effective pentest reports while honing client communication skills—both of which are crucial for career advancement in cybersecurity.
Whether you're a newcomer or an experienced professional, this course will guide you through the entire assessment process, from scoping engagements to delivering reports that clearly present risks and actionable remediation steps.
Course Support
If you need assistance with any of our courses, including troubleshooting, technical issues, or general questions, please visit our dedicated support page. We aim to provide helpful resources and guidance to ensure your learning experience is as smooth as possible. You can check out our support page here.