Application Security for Developers (edX)

Vulnerabilities can occur at any stage of software development, making it critical for developers to write secure code and maintain a secured development environment and the platform it runs on. In this course, you will learn to identify security vulnerabilities in applications and implement secure code practices to prevent events like data breaches and leaks which can significantly impact an organization’s reputation and financial condition. This course provides a comprehensive overview of security best practices that developers should follow when developing applications. You’ll gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing, and creating a Secure Development Environment, an ongoing process for securing a network, computing resources, and storage devices both on-premise and in the cloud. This course familiarizes you with the top Open Web Application Security Project (OWASP) application security risks such as broken access controls and SQL injections and teaches you how to prevent and mitigate these threats. This course includes multiple hands-on labs to develop and demonstrate your skills and knowledge for maintaining a secure development environment.

This course is part of the DevOps and Software Engineering Professional Certificate Professional Certificate.

What you'll learn

- Demonstrate your knowledge of security testing procedures and describe how coding practices and other mitigation strategies help reduce risk.

- Apply security concepts to various stages of the Software Development Lifecycle (SDLC).

- Explain security by design, and develop applications using security by design principles.

- Perform defensive coding that follow Open Web Application Security Project (OWASP) principles.

Syllabus

Module 1: Introduction to Security for Application Development

Security By Design

What is DevSecOps

Vulnerability Scanning and Threat Modeling

Threat Monitoring

Activity: Security Concepts and Terminology

Module 2: Security Testing and Mitigation Strategies

Intro to Security Testing and Mitigation Strategies

Static Analysis

Dynamic Analysis

Hands-on Lab: Using Static and Dynamic Analysis

Code Review

Vulnerability Analysis

Evaluating Vulnerability Analysis

Runtime Protection

Software Component Analysis

Hands-on Lab: Evaluate Software Component Analysis

Continuous Security Analysis

Module 3: OWASP

Intro to OWASP

OWASP Top 1-3

OWASP Top 4-6

OWASP Top 7-10

SQL Injections

Hands-on Lab: Understanding SQL Injections

Software and Data Integrity Failures: Cross Site Scripting

Hands-on Lab: Software and Data Integrity Failures: Cross Site Scripting

Storing Secrets Securely

Lab: Storing Secrets Securely

App ID

Module 4: Security Best Practices

Code Practices

Hands-on Lab: Code Practices

Dependencies

Hands-on Lab: Dependencies

Secure Development Environment

Hands-on Lab: Secure Development Environment

Module 5: Final Exam