I think we have couple of experts here @nigamelastic @hungoboss 

Any tips on the courses?

I believe that the ISTQB Organization provides pretty good courses which can lead to the eventual certification as an ISTQB certified tester. Feel free to check out their website.

For the web security I believe that PortSwigger Academy is one of the best out there. It has bunch of free labs and if you are up for it, you can even take on their certification exam. :)

Hey there! @IOan  @Daria @hungoboss @Mustafa 

For web security testing, you’ve got some great options to get started. Here are a few my recommendations:

1. OWASP (Open Web Application Security Project) – They offer a free guide called the OWASP Testing Guide. It’s a goldmine for understanding web vulnerabilities and how to test them.

2. PortSwigger Academy – A free resource with hands-on labs and tutorials on web security, including testing techniques like SQL injection, XSS, and more. Super interactive and practical!

3. Udemy - Web Security Testing for Beginners – If you're looking for a structured, paid course, Udemy has several highly-rated courses like “Web Security Testing for Beginners”. They often go on sale, so you can grab them at a discount.

4. Pluralsight – They offer more in-depth courses on web app security, which are subscription-based but worth the investment if you're looking for a comprehensive learning path.

I hope these help! Which one are you thinking of trying first?

Hey @IOan ,

Security Testing is a really broad scope and contains really a lot of sub genres that varies from Active Directory Red teaming to binary reverse engineering.
I would suggest before u go into specifics it would be a good idea to identify which course/certification would be correct for you.
If you want to know about Web Application Security Testing, then as @hungoboss mentioned burpsuite Web Security Academy: Free Online Training from PortSwigger is an excellent resource, they teach u how to use a MITM proxy like burpsuite to perform different web security testing assesments, its free and available to everyone.

if you want to check out different types of security testing, I  personally prefer Hack The Box and TryHackMe | Cyber Security Training , they have a freemium model and the training is gamified. you can solve machines to go to different levels.