Fundamentals of Secure Software

Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It may include hardware, software, and procedures that identify or minimize security vulnerabilities. Web application security is the process of securing websites, web applications, and other internet-based services from cyber-attacks, breaches, and security threats that leverage loopholes, misconfigurations, and vulnerabilities in these applications or their code.

This course will familiarize you with the common vulnerabilities that plague developed code as outlined in publications such as the OWASP Top 10 and SANS Top 25. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them. You will also review and operate analysis tools that are available to developers in order to analyze their code and discover vulnerabilities, allowing you to correct them early in the development lifecycle.

Finally, you will understand how application security fits in an overall cybersecurity program.

By the end of this course, you will have learned the basic fundamentals, best practices and tools to be used for application security.

All the resource files are added to the GitHub repository at: https://github.com/PacktPublishing/Fundamentals-of-Secure-Software

Type
video
Category
publication date
2022-12-23
what you will learn

Explore OWASP Top 10 and defend against those vulnerabilities
Learn to perform a threat model on an application
Perform a vulnerability scan of an application
Understand how to correct common security vulnerabilities in code
See how application security fits in an overall cybersecurity program
Build security into the software development lifecycle

duration
393
key features
Look at the detailed aspects of security with clear and concise examples
Learn how to become an application security champion
Use threat modeling to identify threats and mitigations in development features
approach
This course provides a good overview of all the aspects involved with application security. The explanation is clear and practical examples are given each time. The instruction is easy-to-understand, well-paced, and structured. The content consists of demos, solutions with modern standards, and diagrams for better understanding purposes.
audience
This course is ideal for software developers interested in developing more secure software, security practitioners, software and security engineering leaders, and cyber security professionals.

This course is best for intermediate-level professionals and for someone with a basic understanding of IT security and programming.

Basic programming knowledge and understanding of IT systems and how software is deployed in operational environments would help you grasp the concepts readily.
meta description
Be a part of the course that covers in-depth knowledge of application security and software development in an academic style with the help of a well-balanced mix of theory and practical content.
short description
This course is complete training for someone who wants to join the security world and get familiar with most of the practices/risks and different areas, where they can invest to become experts. It covers both the ‘admin’ side of how to develop the processes and program around it as well as an insight into the technical aspects.
subtitle
A complete guide to application security and developing security in the SDLC
keywords
application security, developing security, SDLC, OWASP, SANS, webgoat, eclipse, CSP, ASVS, federation, threat modeling, OpenID, vulnerabilities, configuration management, account management, password management, authorize, encryption, upload/download management, whitelist, blacklist, validate inputs, logging and alerting, data in motion, security planning, broken access control, cryptographic failure, injection, insecure design, security misconfiguration, vulnerable and outdated components, identification and authentication failure, software and data integrity failures, security logging and monitoring failures, server-side request forgery
Product ISBN
9781837636815