Application Security - The Complete Guide
Beginner
9 Hrs
Developing security in the Software Development Life Cycle (SDLC)
Overview
This course will familiarize you with the common vulnerabilities that plague developed code as outlined in publications like the OWASP Top 10 and SANS Top 25. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them. You will also review and operate analysis tools that are available to developers in order to analyze their code and discover vulnerabilities, allowing you to correct them early in the development life cycle. Finally, you will understand how application security fits in an overall cyber security program.
What You Will Learn
- Learn how to become an application security champion.
- What the OWASP Top 10 is and how to defend against those vulnerabilities.
- Use of threat modelling to identify threats and mitigations in development features.
- How to perform a threat model on an application.
- How to perform a vulnerability scan of an application.
- Rating security vulnerabilities using standard and open processes.
- How to correct common security vulnerabilities in code.
- How application security fits in an overall cyber security program.
- Building security into the software development life cycle.
Prerequisites
- Basic programming knowledge
- Understanding of IT systems and how software is deployed in operational environments
Content
Chapter 1: Welcome!
4 Videos
- Application Security Terms and Definitions
- Application Security Goals
- OWASP WebGoat Demo
- $7 Million Cybersecurity Scholarship by EC-Council
- Chapter 1 Quiz
Chapter 2: Introduction to OWASP Top 10 and More Terms
6 Videos
- Introduction to OWASP Top 10
- SANS Top 25
- Threat Actors and More Definitions
- Defense in Depth
- Proxy Tools
- Demo of Fiddler with JuiceShop
- Chapter 2 Quiz
Chapter 3: Dive into the OWASP Top 10
10 Videos
- Insecure Deserialization
- Insecure Logging
- Security Misconfiguration
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Broken Authentication
- Injection
- Cross Site Scripting
- Using Components with Known Vulnerabilities
- Chapter 3 Quiz
Chapter 4: Defenses and Tools
11 Videos
- OWASP ZAP (Zed Attack Proxy)
- Running a ZAP Scan
- CSP (Content Security Policy)
- CSP Demo
- Security Models
- Scanning for OSS Vulnerabilities with GitHub and OWASP Dependency Check
- ASVS (Application Security Verification Standard)
- SKF (Security Knowledge Framework)
- SKF Demo
- SKF Labs Demo
- Source Code Review
- Chapter 4 Quiz
Chapter 5: Session Management
7 Videos
- Introduction to Session Management
- Web Sessions
- Sessions and Federation
- JWT (JSON Web Token)
- JWT Example
- OAuth
- OpenID & OpenID Connect
- Chapter 5 Quiz
Chapter 6: Risk Rating and Threat Modeling
8 Videos
- Risk Rating Introduction
- Risk Rating Demo
- Introduction to Threat Modeling
- Types of Threat Modeling
- Introduction to Manual Threat Modeling
- Manual Threat Model Demo
- Prepping for Microsoft Threat Model Tool
- Microsoft Threat Model Tool Demo
- Chapter 6 Quiz
Chapter 7: Encryption and Hashing
7 Videos
- Encryption Overview
- Encryption Use Cases
- Hashing Overview
- Hashing Demo
- PKI (Public Key Infrastructure)
- Password Management
- Password Demo
- Chapter 7 Quiz
Chapter 8: Frameworks and Process
5 Videos
- HIPAA (Health Insurance Portability and Accountability Act)
- PCI DSS (Payment Card Industry Data Security Standard)
- DevOps
- DevSecOps
- Use, Abuse, and Misuse Cases
- Chapter 8 Quiz
Chapter 9: Security Scanning and Testing
7 Videos
- SAST (Static Application Security Testing)
- SpotBugs Demo
- DAST (Dynamic Application Security Testing)
- IAST (Interactive Application Security Testing)
- RASP (Runtime Application Self-Protection)
- WAF (Web Application Firewall)
- Penetration Testing
- Chapter 9 Quiz
Chapter 10: Conclusion
1 Video
- Conclusion
Instructor
Derek Fisher