4.9
stars
36 ratings

John Rofrano

Top Instructor

4,031 already enrolled

Offered By

IBM Skills Network

About this Course

31,698 recent views

How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure. 
You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections.  

Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems.  

Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Intermediate Level

Programming experience with Python is required.

Approx. 14 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

What you will learn

Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.
Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.
Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.
Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.

Skills you will gain

Open Web Application Security Project (OWASP)
Observability
security
Monitoring
logging

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Intermediate Level

Programming experience with Python is required.

Approx. 14 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.88/5 (9 Ratings)

John Rofrano
Top Instructor

76,284 Learners

6 Courses

Offered by

IBM Skills Network

IBM is the global leader in business transformation through an open hybrid cloud platform and AI, serving clients in more than 170 countries around the world. Today 47 of the Fortune 50 Companies rely on the IBM Cloud to run their business, and IBM Watson enterprise AI is hard at work in more than 30,000 engagements. IBM is also one of the world’s most vital corporate research organizations, with 28 consecutive years of patent leadership. Above all, guided by principles for trust and transparency and support for a more inclusive society, IBM is committed to being a responsible technology innovator and a force for good in the world.

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

1 hour to complete

Introduction to Security for Application Development

Welcome to Introduction to Security for Application Development. This week you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. Discover how to design for security in the Software Development Lifecycle (SDLC). Find out about a set of practices known as DevSecOps. Learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Then find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. Add to your security vocabulary with an understanding of key terms like authentication, encryption, and integrity.

1 hour to complete

6 videos (Total 30 min), 2 readings, 3 quizzes

6 videos

Course Introduction   6mSecurity by Design5mWhat is DevSecOps? 5mVulnerability Scanning and Threat Modeling  4mThreat Monitoring  3mSecurity Concepts and Terminology4m

2 readings

Summary & Highlights - Introduction to DevSecOps2mSummary and Highlights - Inspecting Security in Application Development  2m

3 practice exercises

Introduction to Security for Application Development 10m Inspecting Security in Application Development10mGraded Quiz: Introduction to Security for Application Development30m

Week2

Week 2

3 hours to complete

Security Testing and Mitigation Strategies 

Welcome to Security Testing and Mitigation Strategies. This week you will explore ways to perform code review and ensure runtime protection for application development. Discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. Learn the key mitigation strategies to secure your application throughout development and in production.

3 hours to complete

8 videos (Total 33 min), 2 readings, 7 quizzes

8 videos

Introduction to Security Testing and Mitigation Strategies  4mStatic Analysis  3mDynamic Analysis 3mCode Review 3mVulnerability Analysis4mRuntime Protection 4mSoftware Component Analysis5mContinuous Security Analysis3m

2 readings

Summary & Highlights - Static and Dynamic Analysis2mSummary & Highlights - Implementing Key Analysis in Applications2m

3 practice exercises

Security Testing and Mitigation Strategies 10mImplementing Key Analysis in Applications 10mGraded Quiz: Security Testing and Mitigation Strategies 30m

Week3

Week 3

3 hours to complete

OWASP Application Security Risks

3 hours to complete

8 videos (Total 55 min), 2 readings, 5 quizzes

8 videos

Intro to OWASP (Top 10) Sec Vulnerabilities 4mOWASP Top 1-37mOWASP Top 4-67mOWASP Top 7-109mSQL Injections  4mOther Types of SQL Injection Attacks8mCross Site Scripting4mStoring Secrets Securely7m

2 readings

Summary & Highlights - Introducing OWASP Top 10 2mSummary & Highlights - Diving Deeper into OWASP2m

2 practice exercises

Diving Deeper into OWASP10mGraded Quiz: OWASP Application Security Risks30m

Week4

Week 4

2 hours to complete

Security Best Practices 

This week, you will learn how code practices can help mitigate vulnerabilities and make security an early part of the software development lifecycle. You will explore the risks and challenges, as well as the benefits, of using dependencies in your applications, and you’ll learn more about developing your applications in a secure environment. You’ll learn about what causes an insecure development environment and discover how to make your development environment secure and healthy.

2 hours to complete

3 videos (Total 21 min), 1 reading, 4 quizzes

Week5

Week 5

1 hour to complete

 Introduction to Monitoring for applications

This week, you will be introduced to application monitoring, common terms used in monitoring, and why monitoring matters to developers. You'll also learn about the types of monitoring that give you visibility into app performance and connected information technology (IT) systems. You'll become familiar with the four Golden Signals of Monitoring and learn to use the Golden Signals to improve your monitoring systems. Then, you will explore the differences between the Monitoring and Evaluation processes. You'll learn that monitoring is a routine, ongoing process, while evaluation is a long-term process. You'll learn more about the components of monitoring, including metrics, observability, and alerts. You'll also explore the importance of tracking host-based, application, network and connectivity, and server pool metrics. Finally, you'll learn about the need for application monitoring and its importance.

1 hour to complete

7 videos (Total 40 min), 2 readings, 3 quizzes

7 videos

Introduction to Monitoring7mTypes of Monitoring5mGolden Signals of Monitoring8mDifference between Monitoring and Evaluation4mComponents of a Monitoring System4mTypes of Metrics in a Monitoring System6mImportance of Monitoring  3m

2 readings

Summary & Highlights - Monitoring Basics2mSummary & Highlights - Objectives of Monitoring 2m

3 practice exercises

Monitoring Basics 6mObjectives of Monitoring8mGraded Quiz:  Introduction to Monitoring for Applications30m

Week6

Week 6

2 hours to complete

Monitoring Systems and Techniques

This week, you will learn about how application monitoring allows developers to observe applications and how monitoring can provide valuable insights into application performance. You’ll learn about Prometheus and the benefits of using an analytics tool. You’ll also learn about Grafana, which is typically used with Prometheus. You’ll explore how a visualization tool, like Grafana, can organize all of your monitoring data. Additionally, you’ll discover how the right visualization tool can help your organization and that visualization includes many options, like charts, graphs, and timelines. Finally, you’ll learn about alerting, the responsive part of a monitoring system, and you’ll learn about the metric, log, activity log, and smart detection alerts.

2 hours to complete

5 videos (Total 32 min), 2 readings, 5 quizzes

Week7

Week 7

2 hours to complete

Logging and Final Assessment

2 hours to complete

1 video (Total 7 min), 2 readings, 3 quizzes

Reviews

4.9

9 reviews

5 stars
91.89%
4 stars
8.10%

TOP REVIEWS FROM APPLICATION SECURITY AND MONITORING

by NKOct 27, 2022

A good overview of the most popular tools and techniques. The practical labs are quite basic, but that's understandable since the course is aimed at beginners.

by DHOct 7, 2022

Application security and monitoring is a huge topic. It's very helpful that some valuable contents are selected and consolidated into this course.

by MJJan 10, 2023

it was really useful, thanks for all you've done for people around the world

View all reviews

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Certificate?
When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Do I need to know anything about DevOps to take this course?
No. This is an introductory course that assumes no prior knowledge of DevOps.
Which software tools are required?
You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Application Security and Monitoring

About this Course

What you will learn

Skills you will gain