Mastering Application Security: Yandex Online Masters Program Launches Specialization for Future AppSec Engineers

In September 2025, a master’s program in Cybersecurity, developed by experts from Yandex and the National Research Nuclear University MEPhI, will commence. The program spans two years, and upon graduation, students will receive two diplomas: a master’s degree from MEPhI and a certificate of professional retraining from Yandex.

To enroll in the program, applicants must hold a bachelor’s or specialist degree and pass entrance exams conducted online. While the program requires tuition fees, there is an option for an educational loan with government support. Students will enjoy benefits during their studies, including deferment from military service, student ID, and discounts.

The courses will be delivered online, requiring about 25 hours of commitment per week, allowing students to balance studies with work. Throughout the application process, advisors will assist you, and during your studies, reviewers and mentors will provide support.

**AppSec** (Application Security) refers to the practice of ensuring the security of applications. An Application Security Engineer focuses on safeguarding code and applications, identifying bugs, and preventing vulnerabilities.

The curriculum was shaped by a thorough market analysis and employer needs in the cybersecurity sector by experts from MEPhI and Yandex. In the first semester, students will learn foundational concepts, and in the second semester, they will have the option to specialize in tracks such as «AppSec Engineer,» «DevSecOps Engineer,» or «Network Security Engineer.»

Key skills developed in the program will include:

— Conducting penetration tests on applications (pentesting).
— Threat analysis and vulnerability management.
— Identifying threats and weaknesses in code.
— Understanding cryptography.
— Applying machine learning in information security.
— Ensuring safe operations within networks and operating systems.
— Programming in Python and Go.

**Information Security Specialist:** In this master’s program, students will acquire knowledge in development, legal aspects of information security, and more.

**Web Pentester:** This role involves testing the security of web applications and identifying vulnerabilities.

**Application Security Engineer** Responsibilities include:

— Static code analysis (SAST: Static Application Security Testing).
— Dynamic analysis (DAST: Dynamic Application Security Testing).
— Dependency auditing (SCA: Software Composition Analysis).
— Conducting pentests and code reviews.
— Automation and monitoring.
— Documentation and reporting (maintaining a knowledge base of vulnerabilities).

The application process takes place online, with a Yandex curator guiding you through each stage, which consists of five steps:

1. Submit an application for the program.
2. Wait for a call from your curator, who will provide instructions for the next steps.
3. Together with your curator, submit your documents through the applicant’s personal account.
4. Complete the entrance exams, utilizing the guide from Yandex for preparation.
5. Sign the contract and pay for your education.