Complete Guide to Application Security
5h 57mIntermediate2025-01-17
Authors

Jerod Brennen
Security Architect, Advisor, Speaker, Teacher
Course details
Want to build apps so secure they make cybercriminals cry? This isn't your average security course–it's the insider's comprehensive playbook to crafting high quality applications. Learn how to identify and remediate the vulnerabilities that creep into modern applications, arming you with the same battle-tested strategies the pros use (think OWASP Top Ten). Get ready to dive into hands-on testing exercises, where you'll put this knowledge to the test. Tackle the cutting-edge threats facing APIs and LLM applications, helping you stay one step ahead of the cybercriminals. By the end of this course, you'll be equipped with the knowledge you need to ensure the apps you're building are both resilient and ready to deflect attacks.
Learning objectives
Identify and assess the most critical security risks in modern web applications, mobile applications, APIs, and LLM applications, drawing on industry standards such as those maintained by OWASP.
Design and implement secure coding practices and security controls throughout the software development lifecycle (SDLC), incorporating DevSecOps principles to improve application quality while reducing security costs.
Apply specific mitigation techniques for common vulnerabilities like injection attacks, broken authentication, sensitive data exposure, and insecure configuration.
Leverage security testing methodologies such as SAST, DAST, and IAST to proactively detect and remediate vulnerabilities before applications are deployed to production.
Understand emerging threats in application security, such as attacks targeting large language models and mobile application vulnerabilities, and develop strategies to address them.
Learning objectives
Identify and assess the most critical security risks in modern web applications, mobile applications, APIs, and LLM applications, drawing on industry standards such as those maintained by OWASP.
Design and implement secure coding practices and security controls throughout the software development lifecycle (SDLC), incorporating DevSecOps principles to improve application quality while reducing security costs.
Apply specific mitigation techniques for common vulnerabilities like injection attacks, broken authentication, sensitive data exposure, and insecure configuration.
Leverage security testing methodologies such as SAST, DAST, and IAST to proactively detect and remediate vulnerabilities before applications are deployed to production.
Understand emerging threats in application security, such as attacks targeting large language models and mobile application vulnerabilities, and develop strategies to address them.
Skills covered
Application SecurityCybersecurityOne-Off
Concepts
0. Introduction
- 01 - Welcome to the course
- 02 - The application security landscape
- 03 - OWASP DevSecOps Guideline
1. Securing Web Apps
- 04 - OWASP Top 10 - The most critical risks
- 05 - Broken access control
- 06 - Demo - Implementing strong access controls
- 07 - Injection attacks
- 08 - Demo - SQL injection attack and mitigation
- 09 - Configuration security
- 10 - Secure by design
2. Secure Development Practices
- 11 - Security in the software development lifecycle (SDLC)
- 12 - Secure coding principles
- 13 - Input validation and sanitization
- 14 - Demo - Input validation and sanitization techniques
- 15 - Error handling and logging
- 16 - Demo - Secure error handling and logging
- 17 - Cryptography fundamentals
- 18 - Demo - Encryption and hashing in practice
3. Security Testing and Verification
- 19 - Security testing - Finding and fixing vulnerabilities
- 20 - Secrets management
- 21 - Secure software supply chain management (SCA)
- 22 - Static application security testing (SAST)
- 23 - Demo - Using a SAST Tool
- 24 - Dynamic application security testing (DAST)
- 25 - Demo - Using a DAST Tool
- 26 - Interactive application security testing (IAST)
- 27 - Implementing security in the CI CD pipeline
4. API Security
- 28 - API security distinctions
- 29 - OWASP API Security Top Ten
- 30 - Broken object level authorization
- 31 - Broken authentication
- 32 - Demo - Implementing API authentication controls
- 33 - Unrestricted resource consumption
- 34 - Demo - Implementing resource consumption controls
5. Mobile App Security
- 35 - OWASP Mobile Security Top Ten
- 36 - Improper credential usage
- 37 - Demo - Secure credential usage
- 38 - Inadequate supply chain security
- 39 - Demo - Validating supply chain security
- 40 - Insecure authentication and authorization
6. Cloud-Native Applications
- 41 - Cloud security considerations
- 42 - Container security
- 43 - Serverless security
- 44 - Securing microservices
- 45 - Security in the Internet of Things (IoT)
7. Securing AI Applications
- 46 - Artificial intelligence and machine learning in security
- 47 - OWASP Top Ten for Large Language Model Applications
- 48 - Prompt injection attacks
- 49 - Demo - Prompt injection attacks
- 50 - Insecure output handling
- 51 - Training data poisoning
8. Assessment Methodologies
- 52 - Security regulations and compliance
- 53 - Threat modeling
- 54 - Demo - Building a threat model
- 55 - Web security testing guide
- 56 - Demo - Conducting a web security test
- 57 - Application Security Verification Standard (ASVS)
- 58 - Demo - Using the ASVS
- 59 - Penetration testing
- 60 - Demo - Conducting a penetration test
Conclusion
- 61 - Ethical hacking and bug bounty programs
- 62 - Application security certifications
- 63 - Application security in different industries
- 64 - Future trends in application security
- 65 - Creating a career in application security
Related courses
- Exploring Ktor with Kotlin Multiplatform and Compose
- Security Testing Essential Training
- Complete Guide to Incident Response for Security Analysts
- Complete Guide to Identity and Access Management for Network Engineers
- Kali Purple Essential Training
- Modern Cloud Security: Shift-Left, Observability, and Automated Defense
- ISC2 Certified Cloud Security Professional (CCSP) Cert Prep
- The OWASP Top 10 for Large Language Model (LLM) Applications: An Overview
Related learn paths
- Introduction to Fundamental Skills for Data Work: Data Storage
- Introduction to Fundamental Skills for Data Work: Data Analysis and Interpretation
- Unlock Your Career Potential: Use LinkedIn to Build Confidence and Career Skills
- Getting Started with DevOps
- Working with Data: Engineering, Integration, and MLOps for AI
- Working Smarter with Microsoft 365
- Explore a Career in Application Security
- Foundations of Cloud Computing: Models, Platforms, Services, and Careers