Graduating from Cyber Sentinel Secure - A 6-Month Journey in Web Application Penetration Testing
Introduction
I’m incredibly grateful to share that I’ve successfully graduated from Cyber Sentinel Secure’s Web Application Penetration Testing Bootcamp on September 17, 2025. This intensive 6-month program, completely free and faith-based, has equipped me with professional-grade penetration testing skills following industry-leading standards from WSTG (Web Security Testing Guide) and Offensive Security.
About Cyber Sentinel Secure
Cyber Sentinel Secure is a unique initiative that provides free cybersecurity education for all ethnicities, religions, races, and groups. Founded with a Christian mission of service, the program operates under the motto “Soli Deo Gloria” (Glory to God Alone), making professional security training accessible to everyone regardless of background.
The Mission
“Free cyber security education for all ethnicities, all religions, all races and all groups. This service is only addressed to God so that God alone is glorified.”
This inclusive approach creates a diverse learning community where students from all walks of life come together to learn ethical hacking and web security.
Program Overview
Batch #2 Statistics
The program’s selectivity speaks to its quality and commitment to student success:
- 850+ students accepted from thousands of applicants
- 188 students graduated after completing all examinations
- 6 months of intensive training (March 28 - September 17, 2025)
- 22% graduation rate - demonstrating rigorous standards
Being among the 188 graduates out of 850+ students is a testament to the program’s challenging nature and the dedication required to complete it.
Training Structure
1
2
3
4
5
Duration: 6 months (March 28 - September 17, 2025)
Format: Online live training
Examinations: 4 major exams throughout training
Cost: 100% Free
Certificate ID: 10001/108/CSS/IX/2025
Curriculum: Industry-Standard Training
The curriculum is based on two pillars of modern penetration testing:
1. WSTG (Web Security Testing Guide)
The OWASP Web Security Testing Guide provides the framework for systematic security testing:
- Information Gathering & Reconnaissance
- Configuration and Deployment Management Testing
- Identity Management Testing
- Authentication & Session Management Testing
- Authorization Testing
- Business Logic Testing
- Data Validation Testing
- Error Handling & Logging
- Cryptography Testing
- Client-Side Testing
2. Offensive Security Methodology
Following OffSec’s practical, hands-on approach:
- “Try Harder” mentality and problem-solving
- Real-world exploitation techniques
- Professional reporting standards
- Ethical hacking principles
- Responsible disclosure practices
World-Class Instructors
Lead Instructor: Yohanes Nugroho
Credentials:
- S.T, M.T from Institut Teknologi Bandung (ITB)
- MSc Cyber Security - University of London
- OSCP - Offensive Security Certified Professional
- OSWE - Offensive Security Web Expert
- OSEP - Offensive Security Experienced Penetration Tester
- OSED - Offensive Security Exploit Developer
- OSCE3 - Offensive Security Certified Expert Level 3
His achievement of OSCE3 (holding OSEP, OSWE, and OSED) places him among the elite in the offensive security community globally.
Examiner: Kurniawan, S.Kom, M.Cs
Credentials:
- Master of Computer Science from Gadjah Mada University (UGM)
- Founder of Cyber Sentinel Secure
- Professional penetration tester and security consultant
Learning from instructors with real-world OffSec certifications provided invaluable insights into professional penetration testing that goes beyond theoretical knowledge.
Training Experience
The Challenge of 4 Major Exams
Throughout the 6 months, we faced 4 comprehensive examinations that tested:
- Theoretical Knowledge: Understanding security concepts and methodologies
- Technical Skills: Hands-on exploitation and vulnerability assessment
- Reporting Abilities: Professional documentation of findings
- Problem-Solving: Real-world scenario-based challenges
Each exam was designed to ensure students could apply knowledge practically, not just memorize concepts.
Live Training Sessions
The mandatory live sessions ensured:
- Real-time interaction with instructors
- Collaborative learning with peers
- Immediate clarification of complex topics
- Accountability and consistent progress
Attendance requirements kept everyone engaged and prevented the common pitfall of online courses: procrastination.
Practical Lab Environment
Students received access to:
- Free VPS Ubuntu Server for practice
- Custom subdomain with HTTPS
- Full root SSH access
- Realistic vulnerable applications
- Professional penetration testing tools
This infrastructure, provided by X-code (PT. Teknologi Server Indonesia), enabled hands-on practice in a safe, legal environment.
Key Skills Acquired
Through this intensive training, I developed competencies in:
Web Application Security Testing
1
2
3
4
5
6
7
8
9
10
11
# Core Skills Developed:
- OWASP Top 10 vulnerability assessment
- SQL Injection (manual & automated)
- Cross-Site Scripting (XSS) - Reflected, Stored, DOM-based
- Cross-Site Request Forgery (CSRF)
- Authentication & Session Management attacks
- Business Logic flaws identification
- API security testing
- Server-Side Request Forgery (SSRF)
- XML External Entity (XXE) attacks
- Insecure Deserialization exploitation
Reconnaissance & Information Gathering
- Passive reconnaissance techniques
- Active enumeration methodologies
- OSINT (Open Source Intelligence)
- Subdomain discovery
- Technology fingerprinting
- Vulnerability scanning and analysis
Exploitation & Post-Exploitation
- Web shell deployment
- Privilege escalation techniques
- Lateral movement strategies
- Maintaining persistence
- Data exfiltration methods
- Covering tracks and cleanup
Professional Reporting
- Executive summary writing
- Technical finding documentation
- Risk assessment and CVSS scoring
- Remediation recommendations
- Professional pentest report structure
The “Try Harder” Mentality
One of the most valuable lessons from this OffSec-aligned training is the “Try Harder” philosophy:
- Persistent problem-solving when facing obstacles
- Creative thinking when conventional methods fail
- Thorough enumeration before giving up
- Research skills and documentation reading
- Community collaboration while maintaining ethical standards
This mindset extends beyond penetration testing and applies to any technical challenge in cybersecurity.
Industry Support & Recognition
The program is backed by X-code (PT. Teknologi Server Indonesia), a leading cybersecurity and cloud services company that provides:
- Infrastructure for training labs
- Industry insights and real-world scenarios
- Potential job opportunities for graduates
- Professional mentorship
Leadership Team:
- Maria Cynthia Purnamasari - CEO of X-code
- Helena Tuwuh - Human Resources
- Kurniawan - Founder & Lead Examiner
Faith-Based Mission
What makes Cyber Sentinel Secure unique is its foundation in Christian service:
- Free education as an act of faith and service
- Inclusive of all backgrounds and beliefs
- Dedicated to God’s glory - Soli Deo Gloria
- Biblical values of generosity and knowledge sharing
This approach creates a supportive, values-driven learning environment where technical excellence meets ethical responsibility.
What’s Next: Batch #3
Cyber Sentinel Secure continues its mission with Batch #3:
- Selection Exam: March 6, 2026
- Training Start: April 6, 2026
- Duration: 6 months
- Cost: Free
- Open to: All ethnicities, religions, races, and groups
For aspiring penetration testers, this is an exceptional opportunity to receive world-class training at zero cost.
Personal Reflection
Completing this bootcamp alongside my other cybersecurity training creates a comprehensive skill set:
| Training | Focus | Achievement |
|---|---|---|
| SMTP 2025 | General Cybersecurity | High Distinction |
| Cyber Sentinel | Web Pentesting | Graduate (188/850+) |
| Jarvis Academy | System Administration | Grade A (All Levels) |
| Red Hat RH134 | Enterprise Linux | 40 Credit Hours |
| BlankOn | Infrastructure | Core Contributor |
Each program complements the others:
- SMTP 2025 provided broad security fundamentals
- Cyber Sentinel delivered deep penetration testing expertise
- Jarvis & RH134 established strong system administration foundation
- BlankOn offers real-world infrastructure experience
The Journey from 850+ to 188
The 22% graduation rate reflects the program’s rigor. Success required:
- Consistent Attendance: Missing live sessions meant falling behind
- Daily Practice: Lab time beyond scheduled training
- Persistent Study: Understanding concepts deeply, not superficially
- Exam Preparation: Rigorous testing validated actual skills
- Community Support: Helping and learning from peers
- Try Harder Mentality: Never giving up when stuck
The high attrition rate isn’t about difficulty alone—it’s about commitment. Those who treated it like a professional job graduated. Those who expected easy, passive learning didn’t make it.
Resources & Support
Free Services Provided:
- Pentester Training: 6-month comprehensive program
- VPS Ubuntu Server: Practice environment with HTTPS & SSH
- Bible Services: For those seeking spiritual guidance
- Community: Forum, Telegram, and WhatsApp groups
Contact Information:
- Location: Yogyakarta, Indonesia
- Email: admin@xcodetraining.com
- WhatsApp: +62 858 0394 6032
- Website: cybersentinelsecure.asia
Advice for Future Students
If you’re considering applying to Cyber Sentinel Secure:
Do Apply If:
- ✅ You’re serious about becoming a professional pentester
- ✅ You can commit 3-4 hours daily for 6 months
- ✅ You embrace the “Try Harder” mentality
- ✅ You want industry-standard training (WSTG + OffSec)
- ✅ You value ethical hacking and responsible disclosure
Be Prepared For:
- ⚠️ Rigorous examinations (4 major tests)
- ⚠️ Mandatory live session attendance
- ⚠️ High difficulty level (22% graduation rate)
- ⚠️ Self-directed lab practice requirements
- ⚠️ Professional-level expectations
You’ll Gain:
- 🎯 Professional penetration testing skills
- 🎯 WSTG & OffSec methodology expertise
- 🎯 Real-world exploitation experience
- 🎯 Industry-recognized training from OSCE3 instructor
- 🎯 Potential career opportunities
Gratitude
I’m deeply grateful to:
- Kurniawan, S.Kom, M.Cs - For founding this program and rigorous examination standards
- Yohanes Nugroho - For world-class instruction and sharing OSCE3-level expertise
- X-code Team - For providing infrastructure and industry support
- Fellow Students - For collaboration, support, and shared learning
- God - For the opportunity, strength, and guidance throughout this journey
Conclusion
Graduating from Cyber Sentinel Secure as one of 188 students out of 850+ is an achievement I’m incredibly proud of. This free, faith-based program provided training equivalent to expensive commercial bootcamps, guided by instructors with some of the highest OffSec certifications available.
The journey taught me not just technical skills, but also:
- Persistence in the face of difficulty
- Ethical responsibility in cybersecurity
- The value of rigorous, practical education
- The importance of giving back to the community
As I continue building my career in cybersecurity and system administration, the skills from Cyber Sentinel Secure form a crucial foundation for penetration testing and security assessment work.
Soli Deo Gloria: To God alone be the glory. This achievement is only possible through dedication, support from instructors and peers, and faith.
Certificate Verification
Certificate Details:
- Certificate ID: 10001/108/CSS/IX/2025
- Graduate Name: Firmansyah Dzakwan Arifien
- Issue Date: September 17, 2025
- Issued by: Kurniawan, Founder Cyber Sentinel Secure
- Location: Yogyakarta, Indonesia
- Verification: cybersentinelsecure.asia
Tags: #Cybersecurity #PenetrationTesting #WebSecurity #OffensiveSecurity #WSTG #OffSec #EthicalHacking #Pentesting #OSCP #FreeEducation #CyberSentinelSecure #SoliDeoGloria