Overview What You Will Learn Curriculum Instructor

Course Overview

This course will familiarize you with the common vulnerabilities that plague developed code as outlined in publications like the OWASP Top 10 and SANS Top 25. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them. You will also review and operate analysis tools that are available to developers in order to analyze their code and discover vulnerabilities, allowing you to correct them early in the development life cycle. Finally, you will understand how application security fits in an overall cyber security program.

What You Will Learn

  • Learn how to become an application security champion.
  • What is the OWASP Top 10 and how to defend against those vulnerabilities.
  • Use of threat modelling to identify threats and mitigation in development features.
  • How to perform a threat model on an application.
  • How to perform a vulnerability scan of an application.
  • Rating security vulnerabilities using standard and open processes.
  • How to correct common security vulnerabilities in code.
  • How application security fits in an overall cyber security program
  • Building security into the software development life cycle.

Program Curriculum

  • Application Security Terms and Definitions
  • Application Security Goals
  • OWASP WebGoat Demo
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Introduction to OWASP Top 10
  • SANS Top 25
  • Threat Actors and More Definitions
  • Defense in Depth
  • Proxy Tools
  • Demo of Fiddler with JuiceShop
  • Chapter 2 Quiz

  • Insecure Deserialization
  • Insecure Logging
  • Security Misconfiguration
  • Sensitive Data Exposure
  • XML External Entities
  • Broken Access Control
  • Broken Authentication
  • Injection
  • Cross Site Scripting
  • Using Components with Known Vulnerabilities
  • Chapter 3 Quiz

  • OWASP ZAP (Zed Attack Proxy)
  • Running a ZAP Scan
  • CSP (Content Security Policy)
  • CSP Demo
  • Security Models
  • Scanning for OSS Vulnerabilities with GitHub and OWASP Dependency Check
  • ASVS (Application Security Verification Standard)
  • SKF (Security Knowledge Framework)
  • SKF Demo
  • SKF Labs Demo
  • Source Code Review
  • Chapter 4 Quiz

  • Introduction to Session Management
  • Web Sessions
  • Sessions and Federation
  • JWT (JSON Web Token)
  • JWT Example
  • OAuth
  • OpenID & OpenID Connect
  • Chapter 5 Quiz

  • Risk Rating Introduction
  • Risk Rating Demo
  • Introduction to Threat Modeling
  • Type of Threat Modeling
  • Introduction to Manual Threat Modeling
  • Manual Threat Model Demo
  • Prepping for Microsoft Threat Model Tool
  • Microsoft Threat Model Tool Demo
  • Chapter 6 Quiz

  • Encryption Overview
  • Encryption Use Cases
  • Hashing Overview
  • Hashing Demo
  • PKI (Public Key Infrastructure)
  • Password Management
  • Password Demo
  • Chapter 7 Quiz

  • HIPAA (Health Insurance Portability and Accountability Act)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • DevOps
  • DevSecOps
  • Use, Abuse, and Misuse Cases
  • Chapter 8 Quiz

  • SAST (Static Application Security Testing)
  • Spot Bugs Demo
  • DAST (Dynamic Application Security Testing)
  • IAST (Interactive Application Security Testing)
  • RASP (Runtime Application Self-Protection)
  • WAF (Web Application Firewall)
  • Penetration Testing
  • Chapter 9 Quiz

Conclusion

Load more modules

Instructor

Derek Fisher

As a security leader he has worn many hats. Some days he is mentoring junior security people, other days he is diving into architecture to find common ground that provides the engineering team the solution they are striving for while ensuring the organization is secure. In between these interactions he delivers security talks, teach security at the university level, lead an international team, and spend time writing on the topic of security. Over the years he has had the pleasure of working in multiple organizations from several different industries. He has had experience in hardware and software engineering prior to starting this journey in security. This broad background is used to support organizational goals while doing so in a way that reduces risk.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • OSINT: Unmasking Online Scams and Fraud

    OSINT: Unmasking Online Scams and Fraud

    Short Course

    OSINT: Unmasking Online Scams and Fraud

    Cybersecurity

    Master OSINT Techniques to Detect Online Scams, Phishing, Fak...

    $0.00

    Beginner

  • Implementing and Administering Cisco Solutions: CCNA 200-301

    Implementing and Administering Cisco Solutions: CCNA 200-301

    Short Course

    Implementing and Administering Cisco Solutions: CCNA 200-301

    Cybersecurity

    Gain the core skills within the field of Network Engineering ...

    $69.99

    Beginner

    10 hr 30 m

  • WordPress Security - Secure Your Site Against Hackers

    WordPress Security - Secure Your Site Against Hackers

    Short Course

    WordPress Security - Secure Your Site Against Hackers

    Cybersecurity

    Learn how to protect and secure you Wordpress Website

    $59.99

    Beginner

    2 hr 30 m

  • OSINT - Open-source Intelligence

    OSINT - Open-source Intelligence

    Short Course

    OSINT - Open-source Intelligence

    Cybersecurity

    Learn about OSINT (Open-source intelligence) from a hacker's ...

    $69.99

    Beginner

    5 hr 59 m

  • Ultimate Privacy by Design Master Course (GDPR, CCPA, Etc.)

    Ultimate Privacy by Design Master Course (GDPR, CCPA, Etc.)

    Short Course

    Ultimate Privacy by Design Master Course (GDPR, CCPA, Etc.)

    Cybersecurity

    Learn the Privacy by Design process to increase the Privacy p...

    $69.99

    Beginner

    5 hr 30 m

  • Malware Analysis Fundamentals

    Malware Analysis Fundamentals

    Short Course

    Malware Analysis Fundamentals

    Cybersecurity

    Explore how to find, analyze, and reverse engineer malware.

    $59.99

    Beginner

    4 hr 22 m

  • Digital Footprinting

    Digital Footprinting

    Short Course

    Digital Footprinting

    Cybersecurity

    A Practical Introduction to Digital Footprint Analysis

    $69.99

    Beginner

    4 hr 0 m

  • CVE's for Ethical Hacking Bug Bounties & Penetration Testing

    CVE's for Ethical Hacking Bug Bounties & Penetration Testing

    Short Course

    CVE's for Ethical Hacking Bug Bounties & Penetration T...

    Cybersecurity

    Complete Practical Course on CVEs for Ethical Hacking Penetra...

    $69.99

    Beginner

    7 hr 20 m

1 8