Packt
Fundamentals of Secure Software
Packt

Fundamentals of Secure Software

Access provided by New York State Department of Labor

Gain insight into a topic and learn the fundamentals.
Intermediate level

Recommended experience

2 weeks to complete
at 10 hours a week
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
Intermediate level

Recommended experience

2 weeks to complete
at 10 hours a week
Flexible schedule
Learn at your own pace

What you'll learn

  • Implement secure coding practices and integrate security into the SDLC.

  • Identify and mitigate application security threats using OWASP Top 10.

  • Strengthen cloud, container, and API security to protect modern applications.

  • Apply DevSecOps principles and secure CI/CD pipelines for automated security.

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

11 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

 logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 13 modules in this course

In this module, we will introduce the core principles of application security, covering essential terminology and objectives. You will gain an understanding of why application security is critical and explore OWASP WebGoat, a deliberately vulnerable application used for security training.

What's included

4 videos1 reading1 assignment

In this module, we will delve into Secure SDLC, starting with an overview of application security and key industry standards. You will learn about common security risks, fundamental security goals, and leading frameworks like NIST and CSA that guide secure software development.

What's included

7 videos1 assignment1 plugin

In this module, we will explore the Defense in Depth strategy, focusing on multiple layers of security to protect applications. You will gain insights into cybersecurity roles, API security, CSP implementation, SSRF attacks, and effective vulnerability management practices.

What's included

6 videos1 assignment1 plugin

In this module, we will take a deep dive into the OWASP Top 10, the most critical web security risks recognized globally. Through theoretical explanations and practical demos, you will learn how vulnerabilities like Broken Access Control, Injection, and Cross-Site Scripting (XSS) are exploited and how to mitigate them effectively.

What's included

14 videos1 assignment1 plugin

In this module, we will explore the critical aspects of supply chain security, from understanding risks to implementing proactive defenses. You will learn about Software Composition Analysis (SCA), the SLSA framework, SBOM, and essential tools like Dependency-Track and CycloneDX to manage software dependencies securely.

What's included

6 videos1 assignment1 plugin

In this module, we will dive into cloud and container security, focusing on securing workloads across AWS, Azure, and GCP. You will learn about identity and access management, detection controls, data protection, and incident response in AWS, along with best practices for securing containerized applications.

What's included

11 videos1 assignment1 plugin

In this module, we will explore the critical aspects of session management, including web sessions, JWT, and JSON Web Encryption (JWE). You will also learn about OAuth and OpenID Connect, which are widely used authentication and authorization protocols for securing modern applications.

What's included

7 videos1 assignment1 plugin

In this module, we will explore risk rating methodologies and introduce threat modeling as a proactive approach to identifying and mitigating security threats. You will learn how to assess risks, apply security controls, and use industry-leading tools like the Microsoft Threat Model Tool and OWASP Threat Dragon.

What's included

9 videos1 assignment1 plugin

In this module, we will dive deeper into advanced threat modeling approaches, including DREAD, MITRE ATT&CK, and attack trees. You will learn how to apply these frameworks, perform hands-on demos, and implement continuous threat modeling for cloud environments using tools like Threagile.

What's included

9 videos1 assignment1 plugin

In this module, we will explore the concepts of encryption and hashing, their applications, and their role in cybersecurity. You will gain hands-on experience with hashing techniques, password security, and Public Key Infrastructure (PKI) to understand how cryptographic principles protect sensitive data.

What's included

7 videos1 plugin

In this module, we will explore the integration of security into DevOps, creating a DevSecOps culture and implementing security in continuous integration and continuous deployment (CI/CD). You will learn about secure development practices, vulnerability analysis, and operational security, culminating in a hands-on demo of a secure CI/CD pipeline.

What's included

9 videos1 plugin

In this module, we will explore various security testing techniques used to identify and mitigate vulnerabilities in applications. You will learn about SAST, DAST, IAST, and RASP, as well as security posture management, web application firewalls, and hands-on penetration testing and fuzz testing techniques.

What's included

11 videos1 plugin

In this module, we will review the essential takeaways from the course and reinforce the importance of proactive security measures. You will leave with a strong understanding of application security principles and practical strategies to implement them effectively in your projects.

What's included

1 video2 assignments

Instructor

Packt - Course Instructors
Packt
1,035 Courses243,301 learners

Offered by

Packt

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Explore more from Information Technology