Overview What You Will Learn Curriculum Instructor

Course Overview

In today’s rapidly evolving digital landscape, application security has become a crucial aspect of software development. With cyber threats growing more sophisticated, understanding how to build secure applications is essential for developers, testers, and security professionals alike. This course provides a comprehensive foundation in application security, emphasizing why secure coding practices, threat awareness, and the ability to identify and mitigate vulnerabilities are vital to protecting sensitive user data and maintaining system integrity.

This course begins with foundational concepts and terminology in application security, followed by a deep dive into the OWASP Top 10 and SANS Top 25 vulnerabilities. It explores key topics such as threat actors, defense mechanisms, and proxy tools like Fiddler. Students will gain hands-on experience through demonstrations using WebGoat, JuiceShop, and ZAP. Advanced topics include session management, encryption and hashing, risk rating, threat modeling with tools like Microsoft Threat Modeling Tool, and frameworks like HIPAA, PCI DSS, and DevSecOps. Learners will also explore various security testing methods—SAST, DAST, IAST, RASP, and WAF—along with penetration testing.

By the end, learners will be equipped to identify, analyze, and defend against application vulnerabilities with practical tools and tested frameworks.

What You Will Learn

  • Learn how to become an application security champion.
  • What is the OWASP Top 10 and how to defend against those vulnerabilities.
  • Use of threat modelling to identify threats and mitigation in development features.
  • How to perform a threat model on an application.
  • How to perform a vulnerability scan of an application.
  • Rating security vulnerabilities using standard and open processes.
  • How to correct common security vulnerabilities in code.
  • How application security fits in an overall cyber security program
  • Building security into the software development life cycle.

Program Curriculum

  • Application Security Terms and Definitions
  • Application Security Goals
  • OWASP WebGoat Demo
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Introduction to OWASP Top 10
  • SANS Top 25
  • Threat Actors and More Definitions
  • Defense in Depth
  • Proxy Tools
  • Demo of Fiddler with JuiceShop
  • Chapter 2 Quiz

  • Insecure Deserialization
  • Insecure Logging
  • Security Misconfiguration
  • Sensitive Data Exposure
  • XML External Entities
  • Broken Access Control
  • Broken Authentication
  • Injection
  • Cross Site Scripting
  • Using Components with Known Vulnerabilities
  • Chapter 3 Quiz

  • OWASP ZAP (Zed Attack Proxy)
  • Running a ZAP Scan
  • CSP (Content Security Policy)
  • CSP Demo
  • Security Models
  • Scanning for OSS Vulnerabilities with GitHub and OWASP Dependency Check
  • ASVS (Application Security Verification Standard)
  • SKF (Security Knowledge Framework)
  • SKF Demo
  • SKF Labs Demo
  • Source Code Review
  • Chapter 4 Quiz

  • Introduction to Session Management
  • Web Sessions
  • Sessions and Federation
  • JWT (JSON Web Token)
  • JWT Example
  • OAuth
  • OpenID & OpenID Connect
  • Chapter 5 Quiz

  • Risk Rating Introduction
  • Risk Rating Demo
  • Introduction to Threat Modeling
  • Type of Threat Modeling
  • Introduction to Manual Threat Modeling
  • Manual Threat Model Demo
  • Prepping for Microsoft Threat Model Tool
  • Microsoft Threat Model Tool Demo
  • Chapter 6 Quiz

  • Encryption Overview
  • Encryption Use Cases
  • Hashing Overview
  • Hashing Demo
  • PKI (Public Key Infrastructure)
  • Password Management
  • Password Demo
  • Chapter 7 Quiz

  • HIPAA (Health Insurance Portability and Accountability Act)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • DevOps
  • DevSecOps
  • Use, Abuse, and Misuse Cases
  • Chapter 8 Quiz

  • SAST (Static Application Security Testing)
  • Spot Bugs Demo
  • DAST (Dynamic Application Security Testing)
  • IAST (Interactive Application Security Testing)
  • RASP (Runtime Application Self-Protection)
  • WAF (Web Application Firewall)
  • Penetration Testing
  • Chapter 9 Quiz

  • Conclusion
Load more modules

Instructor

Derek Fisher

As a security leader he has worn many hats. Some days he is mentoring junior security people, other days he is diving into architecture to find common ground that provides the engineering team the solution they are striving for while ensuring the organization is secure. In between these interactions he delivers security talks, teach security at the university level, lead an international team, and spend time writing on the topic of security. Over the years he has had the pleasure of working in multiple organizations from several different industries. He has had experience in hardware and software engineering prior to starting this journey in security. This broad background is used to support organizational goals while doing so in a way that reduces risk.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 900+ courses and diverse Learning Paths to enhance your skills.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs and CTF Challenges for comprehensive skill-building.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 1600+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches

    CCNA - Understanding Routers and Switches

    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course

    The Complete Full-Stack JavaScript Course

    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS

    React.JS for Ecommerce: Building a Store with React.JS

    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes

    Helm 3 - Package Manager for Kubernetes

    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally

    Learn Ethical Hacking by Hacking Real Websites Legally

    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security

    Mastering Ansible Playbooks: Debugging and Security

    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all