Building an Application Security Program from scratch

Focused View

Derek Fisher

4:51:59

131 View

1. Welcome to the course!

1. Introduction.mp4

01:01

2. Why do we need application security

1. Define application security.mp4

08:53

2. Why is application security challenging.mp4

08:22

3. Shifting left vs shifting right.mp4

11:10

4. Application security needs you.mp4

06:56

3. Defining the problem

1. Confidentiality.mp4

10:53

2. Integrity.mp4

05:28

3. Availability.mp4

07:34

4. Authentication and Authorization.mp4

04:27

5. Adversaries.mp4

05:33

6. Measuring Risk.mp4

09:41

4. Components of application security

1. Threat modeling.mp4

15:12

2. Security Analysis.mp4

11:17

3. Penetration testing.mp4

03:21

4. Run time protection.mp4

08:09

5. Vulnerability Management.mp4

10:10

6. Putting it all together.mp4

05:58

5. Releasing Secure Code

1. Security in DevOps.mp4

04:34

2. How software gets developed.mp4

12:39

3. Applying security tools.mp4

17:07

6. Security belongs to everyone

1. Security is everyone's problem.mp4

05:36

2. Creating security education.mp4

08:02

3. Security standards, requirements, and reference architecture.mp4

07:10

4. Security maturity models.mp4

10:09

5. Decentralized application security.mp4

06:10

7. Application security as a service

1. Managing risk in development.mp4

05:45

2. Enablement instead of gates.mp4

04:30

3. Bridging engineering and security.mp4

05:41

8. Building a roadmap

1. Getting the current posture.mp4

09:17

2. Organizational goals.mp4

03:53

3. Identifying the gaps.mp4

05:07

4. Application security roadmaps.mp4

03:10

9. Measuring success in your application security program

1. Measuring effectiveness of your program.mp4

08:02

2. Key performance indicators (KPIs).mp4

05:40

3. Getting feedback on the program.mp4

03:58

4. Security scorecards.mp4

05:23

10. Continuously improving the program

1. Staying ahead of the attackers.mp4

06:22

2. Threat catalogs.mp4

08:50

3. Staying ahead of engineering.mp4

06:52

4. Shiny tools.mp4

03:57

Description

A guide for software engineers and team leaders

What You'll Learn?

Why application security is so important to modern software
Application security tools you can use throughout the development lifecycle
Threat modeling and risk rating
Gap analysis on security tools
Creating a DevSecOps pipeline
Application security as a service model
Creating a software security ecosystem that benefits development
Setting up your program for continuous improvement

Who is this for?

For software developers, architects, team leaders, and project managers.

More details

Description
This course teaches you to implement a robust program of security throughout your development process. It goes well beyond the basics, detailing flexible security fundamentals that can adapt and evolve to new and emerging threats. Its service-oriented approach is perfectly suited to the fast pace of modern development. Your team will quickly switch from viewing security as a chore to an essential part of their daily work. Follow the expert advice in this guide and youâ€™ll reliably deliver software that is free from security defects and critical vulnerabilities.
Application security is much more than a protective layer bolted onto your code. Real security requires coordinating practices, people, tools, technology, and processes throughout the life cycle of a software product. This course provides a reproducible, step-by-step road map to building a successful application security program.
This course delivers effective guidance on establishing and maturing a comprehensive software security plan. In it, youâ€™ll master techniques for assessing your current application security, determining whether vendor tools are delivering what you need, and modeling risks and threats. As you go, youâ€™ll learn both how to secure a software application end to end and also how to build a rock-solid process to keep it safe.
The only requirement for this course is to keep an open mind and prepare yourself to build a better approach to application security!
Who this course is for:
For software developers, architects, team leaders, and project managers.

User Reviews

Rating

average 0

Total votes0

Focused display

Derek Fisher has several decades of experience designing systems in both hardware and software, and holds a graduate degree in cybersecurity from Boston University. He continues to work professionally as a leader, university instructor, and conference speaker in the security space where he provides his insight to multiple fields and disciplines.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.