Overview
How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.
You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections.
Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems.
Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.
Syllabus
- Introduction to Security for Application Development
- In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.
- Security Testing and Mitigation Strategies 
- In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.
- OWASP Application Security Risks
- In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.
- Security Best Practices , Final Project, and Assessment
- In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.
Taught by
John Rofrano and Corey Leong