Fundamentals of Building Secure Software Online Course

Fundamentals of Building Secure Software Online Course

Fundamentals of Building Secure Software Online Course

This course provides a complete guide to securing software applications across the entire SDLC. You’ll explore key practices such as threat modeling, vulnerability management, and frameworks like OWASP and NIST, while gaining hands-on experience with real-world vulnerabilities, including the OWASP Top 10. Advanced topics like Defense in Depth, cloud security, DevSecOps, and secure CI/CD pipelines will prepare you to integrate security into every stage of development. By the end, you’ll have the skills to design, deploy, and maintain secure applications, boosting your expertise as a developer or security professional.

Who should take this Course?

The Fundamentals of Building Secure Software Online Course is ideal for software developers, security engineers, QA professionals, and IT specialists who want to integrate security into every stage of the software development lifecycle. It is also suitable for students, beginner programmers, and professionals aiming to understand secure coding practices, threat modeling, and vulnerability prevention to build robust and resilient applications.

What you will learn

  • Implement security in the software development lifecycle
  • Use OWASP tools to prevent common vulnerabilities
  • Apply secure coding and testing practices effectively
  • Integrate security into DevOps and CI/CD processes
  • Perform effective threat modeling and risk assessment
  • Secure cloud environments and container deployments

Course Outline

Introduction to this Course

  • Introduction to Application Security
  • Application Security Terms and Definitions
  • Application Security Goals
  • OWASP WebGoat Demo

Understanding Secure SDLC

  • Application Security Introduction
  • Top 10s
  • Application Security Terms and Definitions
  • Application Security Goals
  • Introduction to NIST
  • Introduction to CSA

Defense in Depth

  • Defense in Depth
  • Roles and Terms in Cybersecurity
  • API Security
  • Content Security Policy (CSP)
  • Server-Side Request Forgery - SSRF
  • Vulnerability Management

Dive into the OWASP Top 10

  • Broken Access Control
  • Broken Access Control - Demo
  • Cryptographic Failures
  • Injection
  • Injection Demo
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Identification Failures Demo
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Cross-Site Scripting (XSS)
  • XSS Demo

Supply Chain Security

  • Introduction to Supply Chain Security
  • Supply Chain Defenses
  • Software Composition Analysis (SCA)
  • Introducing SLSA
  • Software Bill of Materials (SBOM)
  • Dependency-Track and CycloneDX

Cloud and Container Security

  • Introduction to Cloud
  • Cloud Security Concepts
  • AWS Security Pillar
  • AWS Identity and Access Management
  • AWS Detection Controls
  • AWS Infrastructure
  • AWS Data Protection
  • AWS Incident Response
  • AWS Application Security
  • Container Security
  • Azure and GCP

Session Management

  • Introduction to Session Management
  • Web Sessions
  • JSON Web Token (JWT)
  • JWT Example
  • JSON Web Encryption (JWE)
  • OAuth
  • OpenID & OpenID Connect

Risk Rating and Basic Threat Modeling

  • Risk Rating Introduction
  • Risk Rating Demo
  • Security Controls
  • Introduction to Threat Modeling
  • Type of Threat Modeling
  • Introduction to Manual Threat Modeling
  • Prepping for Microsoft Threat Model Tool
  • Microsoft Threat Model Tool Demo
  • OWASP Threat Dragon Demo

More Advanced Threat Modeling

  • Additional Methods of Threat Modeling
  • Using DREAD
  • Using MITRE ATT&CK
  • Other Advanced Threat Modeling Techniques
  • Attack Trees
  • Attack Tree Demo
  • Continuous Threat Modeling
  • Threagile Demo
  • Threat Modeling the Cloud

Encryption and Hashing

  • Encryption Overview
  • Encryption Use Cases
  • Hashing Overview
  • Hashing Demo
  • Public Key Infrastructure (PKI)
  • Password Management
  • Password Demo

DevSecOps and Secure CICD

  • DevOps
  • DevSecOps
  • DevSecOps Design
  • DevSecOps Code
  • DevSecOps Analysis
  • DevSecOps Build
  • DevSecOps Operations
  • Secure CICD
  • Secure CICD Demo

Security Scanning and Testing

  • SAST (Static Application Security Testing)
  • CodeQL Demo
  • DAST (Dynamic Application Security Testing)
  • DAST Demo
  • IAST (Interactive Application Security Testing)
  • ASPM (Application Security Posture Management)
  • ASPM Demo
  • RASP (Runtime Application Self-Protection)
  • WAF (Web Application Firewall)
  • Penetration Testing
  • Fuzz Testing

Conclusion

Reviews

No reviews yet. Be the first to review!

Write a review

Note: HTML is not translated!
Bad           Good

Tags: Fundamentals of Building Secure Software Online Course, Building Secure Software Training, Building Secure Software Free Course, Building Secure Software Test, Building Secure Software Questions,