Application Security and Monitoring (Coursera)

You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections.

Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems.

Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.

Course 12 of 13 in the IBM DevOps and Software Engineering Professional Certificate.

What You Will Learn

- Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.

- Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.

- Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.

- Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.

Syllabus

WEEK 1

Introduction to Security for Application Development

Welcome to Introduction to Security for Application Development. This week you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. Discover how to design for security in the Software Development Lifecycle (SDLC). Find out about a set of practices known as DevSecOps. Learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Then find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. Add to your security vocabulary with an understanding of key terms like authentication, encryption, and integrity.

WEEK 2

Security Testing and Mitigation Strategies 

Welcome to Security Testing and Mitigation Strategies. This week you will explore ways to perform code review and ensure runtime protection for application development. Discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. Learn the key mitigation strategies to secure your application throughout development and in production.

WEEK 3

OWASP Application Security Risks

This week, you will learn the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about vulnerabilities in applications. about discover the top application vulnerabilities that concern security experts and professionals.

WEEK 4

Security Best Practices 

This week, you will learn how code practices can help mitigate vulnerabilities and make security an early part of the software development lifecycle. You will explore the risks and challenges, as well as the benefits, of using dependencies in your applications, and you’ll learn more about developing your applications in a secure environment. You’ll learn about what causes an insecure development environment and discover how to make your development environment secure and healthy.

WEEK 5

 Introduction to Monitoring for applications

This week, you will be introduced to application monitoring, common terms used in monitoring, and why monitoring matters to developers. You'll also learn about the types of monitoring that give you visibility into app performance and connected information technology (IT) systems. You'll become familiar with the four Golden Signals of Monitoring and learn to use the Golden Signals to improve your monitoring systems. Then, you will explore the differences between the Monitoring and Evaluation processes. You'll learn that monitoring is a routine, ongoing process, while evaluation is a long-term process. You'll learn more about the components of monitoring, including metrics, observability, and alerts. You'll also explore the importance of tracking host-based, application, network and connectivity, and server pool metrics. Finally, you'll learn about the need for application monitoring and its importance.

WEEK 6

Monitoring Systems and Techniques

This week, you will learn about how application monitoring allows developers to observe applications and how monitoring can provide valuable insights into application performance. You’ll learn about Prometheus and the benefits of using an analytics tool. You’ll also learn about Grafana, which is typically used with Prometheus. You’ll explore how a visualization tool, like Grafana, can organize all of your monitoring data. Additionally, you’ll discover how the right visualization tool can help your organization and that visualization includes many options, like charts, graphs, and timelines. Finally, you’ll learn about alerting, the responsive part of a monitoring system, and you’ll learn about the metric, log, activity log, and smart detection alerts.

WEEK 7

Logging and Final Assessment

This week, you will learn why application logs play an important role in your monitoring strategy. You will also learn about the factors that help you determine what information and data you should consider logging. Finally, you will learn about the messages and warnings typically included in logging.