£74.99
On-Demand course
6 hours 33 minutes
All levels
This course is complete training for someone who wants to join the security world and become familiar with most of its practices and risks, and with the different areas in which they can invest to become an expert. It covers both the 'admin' side, how to develop the processes and the program around them, and an insight into the technical aspects.
Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It may include hardware, software, and procedures that identify or minimize security vulnerabilities. Web application security is the process of securing websites, web applications, and other internet-based services from cyber-attacks, breaches, and security threats that leverage loopholes, misconfigurations, and vulnerabilities in these applications or their code. This course will familiarize you with the common vulnerabilities that plague developed code, as outlined in publications such as the OWASP Top 10 and SANS Top 25. You will understand what types of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them.
You will also review and operate the analysis tools available to developers for analyzing their code and discovering vulnerabilities, allowing you to correct them early in the development lifecycle. Finally, you will understand how application security fits into an overall cybersecurity program. By the end of this course, you will have learned the fundamentals, best practices, and tools used for application security. All the resource files are added to the GitHub repository at: https://github.com/PacktPublishing/Fundamentals-of-Secure-Software
Explore OWASP Top 10 and defend against those vulnerabilities
Learn to perform a threat model on an application
Perform a vulnerability scan of an application
Understand how to correct common security vulnerabilities in code
See how application security fits in an overall cybersecurity program
Build security into the software development lifecycle
This course is ideal for software developers interested in developing more secure software, security practitioners, software and security engineering leaders, and cyber security professionals.
This course is best for intermediate-level professionals and for someone with a basic understanding of IT security and programming.
Basic programming knowledge and understanding of IT systems and how software is deployed in operational environments would help you grasp the concepts readily.
This course provides a good overview of all the aspects involved in application security. The explanation is clear, and practical examples are given each time. The instruction is easy to understand, well-paced, and structured. The content consists of demos, solutions based on modern standards, and diagrams for better understanding.
Look at the detailed aspects of security with clear and concise examples
Learn how to become an application security champion
Use threat modeling to identify threats and mitigations in development features
Derek Fisher is a leader, speaker, author, and instructor in cyber security. He has several decades of experience in designing systems in both hardware and software and holds a graduate degree in cyber security from Boston University. He continues to work professionally as a leader, university instructor, and conference speaker in the security space, where he provides his insight into multiple fields and disciplines.
1. Introduction to the Course
1. Introduction to Application Security | In this video, we will lay the groundwork for what an SDLC looks like.
2. Application Security Terms and Definitions | In this video, we will cover the initial terms and definitions related to application security.
3. Application Security Goals | In this video, we will continue defining terms and start talking about security goals.
4. OWASP WebGoat Demo | WebGoat is a deliberately insecure web application maintained by OWASP, designed to teach web application security lessons. In this video, we will do a brief demo to get you started on using WebGoat.
2. Introduction to OWASP Top 10 and More Items
1. Introduction to OWASP Top 10 | This video is a high-level walkthrough of the OWASP Top 10 and other OWASP resources.
2. SANS Top 25 | This video provides an introduction to the SANS Top 25.
3. Threat Actors and More Definitions | This video demonstrates the different attackers that threaten software and systems. You will look at more foundational definitions.
4. Defense In-Depth | This video explains defense in-depth and its purpose.
5. Proxy Tools | This video provides an introduction to proxy tools and their purpose.
6. Demo of Fiddler with JuiceShop | This video is about using Fiddler to tamper with parameters in JuiceShop.
7. API Security | This video explains API security.
3. Dive into the OWASP Top 10
1. Broken Access Control | This video talks about broken authentication.
2. Cryptographic Failures | This video explains what sensitive data exposure is and talks about cryptographic failures.
3. Injection | This video explains injection.
4. Insecure Design | This video explains XML external entities.
5. Security Misconfiguration | This video talks about security misconfiguration.
6. Vulnerable and Outdated Components | This video explores using components with known vulnerabilities.
7. Identification and Authentication Failures | This video explains identification and authentication failures.
8. Software and Data Integrity Failures | This video talks about software and data integrity failures.
9. Security Logging and Monitoring Failures | This video demonstrates insecure logging.
10. Server-Side Request Forgery | This video demonstrates server-side request forgery.
4. Defenses and Tools
1. OWASP ZAP (Zed Attack Proxy) | In this video, we will install and configure OWASP ZAP.
2. Running a ZAP Scan | In this video, we will run a ZAP scan.
3. Cross-Site Scripting | This video explains cross-site scripting.
4. CSP (Content Security Policy) | This video demonstrates the Content Security Policy.
5. CSP Demo | This is a demo video of CSP in action.
6. Security Models | This video explains the various security models and their purpose.
7. Scanning for OSS Vulnerabilities with Software Composition Analysis | This video helps in using SCA to find OSS (Open-Source Software) vulnerabilities.
8. SKF (Security Knowledge Framework) | This video explains how to use the SKF (Security Knowledge Framework).
9. SKF Demo | This is a demo video of the SKF (Security Knowledge Framework).
10. SKF Labs Demo | This is a demo video of the SKF (Security Knowledge Framework) Labs.
11. Source Code Review | This video explains how to perform a secure code review.
5. Session Management
1. Introduction to Session Management | This video provides an introduction to session management and best practices.
2. Web Sessions | This video explains web session management.
3. JWT (JSON Web Token) | This video explains the JSON Web Token and what it is used for.
4. JWT Example | This video walks through breaking down a JWT.
5. OAuth | This video explains OAuth and how it is used.
6. OpenID and OpenID Connect | This video talks about OpenID and why it is used.
6. Risk Rating and Threat Modeling
1. Risk Rating Introduction | This video provides an introduction to risk rating and what it is used for.
2. Risk Rating Demo | This video helps in performing a risk rating.
3. Introduction to Threat Modeling | This video provides an introduction to threat modeling.
4. Types of Threat Modeling | This video demonstrates different types of threat modeling.
5. Introduction to Manual Threat Modeling | This video helps in performing a manual threat model.
6. Manual Threat Model Demo | This is a demo video of performing a manual threat model.
7. Prepping for Microsoft Threat Model Tool | This video will help you get ready to use the Microsoft Threat Model tool.
8. Microsoft Threat Model Tool Demo | This is a demo video of the Microsoft Threat Model tool.
7. Encryption and Hashing
1. Encryption Overview | This video provides an introduction and overview of encryption.
2. Encryption Use Cases | This video focuses on various use cases for encryption.
3. Hashing Overview | This video provides an introduction and overview of hashing.
4. Hashing Demo | This is a demo video on hashing.
5. PKI (Public Key Infrastructure) | This video explains the PKI (Public Key Infrastructure) and how it is used.
6. Password Management | This video explains how to handle passwords securely.
7. Password Demo | This is a demo video on password management.
8. Frameworks and Process
1. HIPAA (Health Insurance Portability and Accountability Act) | This video explains the HIPAA (Health Insurance Portability and Accountability Act) and its purpose.
2. PCI DSS (Payment Card Industry Data Security Standard) | This video explains the PCI DSS (Payment Card Industry Data Security Standard) and its purpose.
3. DevOps | This video talks about DevOps in detail.
4. DevSecOps | This video explains the concept of DevSecOps.
5. Use, Abuse, and Misuse Cases | This video focuses on use, abuse, and misuse cases.
9. Security Scanning and Testing
1. SAST (Static Application Security Testing) | This video provides an introduction to SAST (Static Application Security Testing).
2. SpotBugs Demo | This is a demo video on the Eclipse plug-in, SpotBugs.
3. DAST (Dynamic Application Security Testing) | This video demonstrates DAST (Dynamic Application Security Testing).
4. IAST (Interactive Application Security Testing) | This video demonstrates IAST (Interactive Application Security Testing).
5. RASP (Runtime Application Self-Protection) | This video talks about RASP (Runtime Application Self-Protection).
6. WAF (Web Application Firewall) | This video introduces you to WAF (Web Application Firewall).
7. Penetration Testing | This video explains penetration testing.
8. SCA (Software Composition Analysis) | This video talks about SCA (Software Composition Analysis).
10. Conclusion
1. Conclusion | This video reviews a few of the important concepts learned throughout the course.