Do I need to know anything about DevOps to take this course?

No. This is an introductory course that assumes no prior knowledge of DevOps.

Which software tools are required?

You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.

When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Certificate?

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Application Security for Developers and DevOps Professionals

Application Security for Developers and DevOps Professionals

This course is part of multiple programs.

Instructor: John Rofrano

Top Instructor

29,219 already enrolled

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

251 reviews

Intermediate level

Recommended experience

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

97%

Most learners liked this course

4 modules

Gain insight into a topic and learn the fundamentals.

251 reviews

Intermediate level

Recommended experience

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

97%

Most learners liked this course

What you'll learn

Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.
Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.
Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.
Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.

Skills you'll gain

Tools you'll learn

Open Web Application Security Project (OWASP)

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

14 assignments

Taught in English

91%

of learners achieved a positive career outcome

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is available as part of

When you enroll in this course, you'll also be asked to select a specific program.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate from IBM

There are 4 modules in this course

How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.

You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections. Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems. Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.

Module details

In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.

What's included

11 videos5 readings4 assignments2 app items2 plugins

11 videosTotal 59 minutes

Course Introduction   5 minutes
Security by Design6 minutes
What is DevSecOps? 6 minutes
The OSI Model6 minutes
Securing Layers for Application Development7 minutes
Security Patterns7 minutes
TLS/SSL5 minutes
What is OpenSSL?5 minutes
Vulnerability Scanning and Threat Modeling  4 minutes
Threat Monitoring  4 minutes
Security Concepts and Terminology4 minutes

5 readingsTotal 29 minutes

IBM Product Spotlight: Hashicorp Vault2 minutes
Summary & Highlights - Introduction to DevSecOps2 minutes
Summary and Highlights - Understanding the Role of Network Security3 minutes
Getting Started with Network and Port Scanning with Nmap20 minutes
Summary and Highlights - Inspecting Security in Application Development  2 minutes

4 assignmentsTotal 60 minutes

Graded Quiz: Introduction to Security for Application Development30 minutes
Introduction to DevSecOps10 minutes
Understanding the Role of Network Security10 minutes
Inspecting Security in Application Development10 minutes

2 app itemsTotal 35 minutes

Hands on Lab: Using OpenSSL to Encrypt and Decrypt Files15 minutes
Hands on Lab: Scanning a Network Environment with Nmap20 minutes

2 pluginsTotal 20 minutes

Cheat Sheet: Introduction to Security for Application Development5 minutes
Module 1 Glossary: Introduction to Security for Application Development15 minutes

In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.

What's included

9 videos2 readings3 assignments4 app items3 plugins

9 videosTotal 39 minutes

Introduction to Security Testing and Mitigation Strategies  5 minutes
Static Analysis  4 minutes
Dynamic Analysis 4 minutes
Code Review 3 minutes
Vulnerability Analysis4 minutes
Demo Video: Evaluating Vulnerability Analysis6 minutes
Runtime Protection 4 minutes
Software Component Analysis5 minutes
Continuous Security Analysis4 minutes

2 readingsTotal 4 minutes

Summary & Highlights - Introduction to Security Testing and Mitigation Strategies2 minutes
Summary & Highlights - Implementing Key Analysis in Applications2 minutes

3 assignmentsTotal 50 minutes

Graded Quiz: Security Testing and Mitigation Strategies 30 minutes
Introduction to Security Testing and Mitigation Strategies 10 minutes
Implementing Key Analysis in Applications 10 minutes

4 app itemsTotal 105 minutes

Hands-on Lab: Using Static Analysis 30 minutes
Hands-on Lab: Using Dynamic Analysis 30 minutes
Hands-on Lab: Evaluating Vulnerability Analysis 20 minutes
Hands-on Lab: Evaluate Software Component Analysis25 minutes

3 pluginsTotal 35 minutes

Reading: Evaluate Software component analysis10 minutes
Cheat Sheet: Security Testing and Mitigation Strategies10 minutes
Module 2 Glossary: Security Testing and Mitigation Strategies15 minutes

In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.

What's included

10 videos3 readings3 assignments3 app items4 plugins

10 videosTotal 66 minutes

Intro to OWASP (Top 10) Sec Vulnerabilities 5 minutes
OWASP Top 1-37 minutes
OWASP Top 4-68 minutes
OWASP Top 7-1010 minutes
Demo Video: Snyk (SAST) Free Tool4 minutes
SQL Injections  5 minutes
Other Types of SQL Injection Attacks8 minutes
Demo Video: Example of an SQL Injection7 minutes
Cross Site Scripting4 minutes
Storing Secrets Securely8 minutes

3 readingsTotal 24 minutes

Discover Code Vulnerabilities with Snyk (SAST) Free Tool20 minutes
Summary & Highlights - Introducing OWASP Top 10 2 minutes
Summary & Highlights - Diving Deeper into OWASP2 minutes

3 assignmentsTotal 48 minutes

Graded Quiz: OWASP Application Security Risks30 minutes
Practice Quiz: Introducing OWASP Top 108 minutes
Diving Deeper into OWASP10 minutes

3 app itemsTotal 80 minutes

Hands-on Lab: Understanding SQL Injections20 minutes
Hands-on Lab: Cross Site Scripting25 minutes
Hands-on Lab: Storing Secrets Securely35 minutes

4 pluginsTotal 65 minutes

Hands on Lab: Discover Code Vulnerabilities with Snyk (SAST) Free Tool30 minutes
Reading: Cross Site Scripting10 minutes
Cheat Sheet: OWASP Application Security Risks10 minutes
Module 3 Glossary: OWASP Application Security Risks15 minutes

In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.

What's included

3 videos4 readings4 assignments2 app items6 plugins

3 videosTotal 21 minutes

Code Practices 5 minutes
Dependencies  7 minutes
Secure Development Environment9 minutes

4 readingsTotal 9 minutes

Summary & Highlights - Code Development Practices2 minutes
What's Next: Explore Hashicorp Vault1 minute
Congratulations and Next Steps3 minutes
Thanks from the Course Team3 minutes

4 assignmentsTotal 130 minutes

Graded Quiz: Security Best Practices 30 minutes
Graded Quiz: Final Project30 minutes
Final Assessment 60 minutes
Code Development Practices10 minutes

2 app itemsTotal 40 minutes

Hands-on Lab: Code Practices 20 minutes
Hands-on Lab: Secure Development Environment 20 minutes

6 pluginsTotal 123 minutes

Reading: CodeQL Analysis6 minutes
Cheat Sheet: Security Best Practices15 minutes
Module 4 Glossary: Security Best Practices15 minutes
Practice Lab: Security Vulnerability Scan and Fix30 minutes
Final Lab: Scan and Fix Vulnerabilities30 minutes
Glossary: Application Security for Developers and DevOps Professionals27 minutes

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

Instructor ratings

(57 ratings)

Top Instructor

John Rofrano

IBM

8 Courses362,571 learners

Offered by

IBM

Learner reviews

5 stars
78.57%
4 stars
15.47%
3 stars
2.77%
2 stars
0.39%
1 star
2.77%

Showing 3 of 251

Reviewed on Apr 26, 2024

Good overview of application security. The first part is too heavy on the side of terminology. The labs are interesting but in need of some adjustment and quality check.

Reviewed on Oct 7, 2022

Application security and monitoring is a huge topic. It's very helpful that some valuable contents are selected and consolidated into this course.

Reviewed on May 30, 2024

This one did a much better job explaining more of the little details for people who are truly noobs coming from a non-programming world.

View more reviews