Course Overview

Modern software development requires security to be integrated throughout the entire development lifecycle rather than being treated as a final checkpoint. As organizations increasingly adopt cloud-native architectures, open-source dependencies, and automated deployment pipelines, secure development practices have become essential for reducing vulnerabilities and managing risk. This course provides a comprehensive understanding of application security, threat modeling, supply chain protection, and cloud-native security practices that help organizations build resilient and secure software systems. 

This course begins with secure development and code security, covering Secure by Design principles, secure coding practices, secure configurations, OWASP Top 10 defenses, vulnerability testing, and runtime protection mechanisms. It then explores threat modeling methodologies, including STRIDE, attack trees, OWASP Threat Dragon, risk assessment techniques, and secure design transformation. The course continues with software supply chain security, focusing on SBOM creation, dependency management, open-source risk assessment, SLSA frameworks, artifact signing, vendor risk evaluation, compliance requirements, and incident response. Finally, learners examine cloud-native and container security concepts, including Kubernetes security, Infrastructure as Code security, runtime monitoring, network segmentation, secrets management, governance, compliance automation, and continuous security monitoring through practical hands-on exercises. 

By the end of this course, you will be able to design, develop, deploy, and maintain secure applications across modern software and cloud-native environments.

What You Will Learn

  • Apply secure coding practices and OWASP Top 10 prevention techniques to eliminate vulnerabilities during development phases.
  • Analyze application architectures to identify critical security threats and design comprehensive threat models for risk mitigation.
  • Evaluate software supply chains and implement security controls for open-source components, dependencies, and vendor relationships.
  • Design secure cloud-native and container architectures with automated monitoring and compliance validation capabilities.

Program Curriculum

  • Module Introduction
  • Secure by Design Principles
  • Secure Coding Practices
  • Secure Configuration and Defaults
  • Prevention of OWASP Top 10 – Part 1
  • Prevention of OWASP Top 10 – Part 2
  • Prevention of OWASP Top 10 – Part 3
  • Code Testing for Vulnerabilities
  • Testing an Application for Run-time Vulnerabilities
  • Run-time Protection
  • Chapter 1 Quiz

  • Module Introduction
  • Threats vs. Risks
  • Intro to Threat Modeling
  • Utilizing STRIDE for Threat Modeling
  • Threat Modeling with OWASP Threat Dragon
  • Using Attack Trees in Threat Modeling
  • Completing a Rapid Threat Modeling Prototyping (RTMP)
  • Risk Rating Using OWASP Risk Rating
  • CVSS Scoring for Vulnerability Management
  • Transforming Threats into Secure Designs
  • Chapter 2 Quiz

  • Module Introduction
  • Software Supply Chain Threat Landscape
  • Software Bill of Materials (SBOM) Fundamentals
  • Dependency Management and Open-source Risk Assessment
  • SLSA Framework and Build Provenance
  • Artifact Integrity and Code Signing
  • Vendor Risk Assessment and Third-party Security
  • Continuous Supply Chain Monitoring
  • Compliance and Regulatory Requirements
  • Supply Chain Incident Response and Recovery
  • Chapter 3 Quiz

  • Module Introduction
  • Cloud-native Security Fundamentals
  • Container and Serverless Security
  • Cloud Security Automation and Infrastructure as Code (IaC) Security
  • Kubernetes Security Architecture and RBAC
  • Container and Registry Security
  • Runtime Protection and Behavioral Monitoring
  • Network Security and Micro-segmentation
  • Secrets Management and Data Protection
  • Compliance and Governance in Cloud-native Environments
  • Course Wrap-up Video
  • Chapter 4 Quiz
Load more modules

Instructor

Team

Starweaver delivers 10x better-trained employees and students through scalable, activity-based online learning combined with live human-to-human instruction. With 70–85% course completion rates, we go beyond passive content libraries by focusing on real skill-building and professional competency. Our mission is to transform technologists into world-class experts and business professionals into tech-savvy leaders. Starweaver connects learners with a global network of live instructors and peers, driving higher engagement, satisfaction, and achievement. Our proprietary tools blend guided self-learning with real-time collaboration, ensuring learners stay motivated, capable, and truly job-ready.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

1 of 50