Application Security for Developers and DevOps Professionals
Keep adding new skills with 10,000+ programs for $239 (usually $399). Save now.
Application Security for Developers and DevOps Professionals
This course is part of multiple programs.
Instructor: John Rofrano
Top Instructor
29,824 already enrolled
Included with
Ask Coursera
254 reviews
Recommended experience
254 reviews
Recommended experience
What you'll learn
Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.
Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.
Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.
Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.
Skills you'll gain
- Secure Coding
- Vulnerability Scanning
- Vulnerability Management
- Continuous Monitoring
- Vulnerability Assessments
- Threat Modeling
- Software Development Life Cycle
- Data Security
- Security Testing
- DevSecOps
- Development Environment
- DevOps
- Application Performance Management
- Security Controls
- System Monitoring
- Application Security
Tools you'll learn
Details to know
See how employees at top companies are mastering in-demand skills
Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate from IBM
There are 4 modules in this course
How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.
You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections. Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems. Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.
In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.
What's included
11 videos5 readings4 assignments2 app items2 plugins
11 videos•Total 59 minutes
- Course Introduction •5 minutes
- Security by Design•6 minutes
- What is DevSecOps? •6 minutes
- The OSI Model•6 minutes
- Securing Layers for Application Development•7 minutes
- Security Patterns•7 minutes
- TLS/SSL•5 minutes
- What is OpenSSL?•5 minutes
- Vulnerability Scanning and Threat Modeling •4 minutes
- Threat Monitoring •4 minutes
- Security Concepts and Terminology•4 minutes
5 readings•Total 29 minutes
- IBM Product Spotlight: Hashicorp Vault•2 minutes
- Summary & Highlights - Introduction to DevSecOps•2 minutes
- Summary and Highlights - Understanding the Role of Network Security•3 minutes
- Getting Started with Network and Port Scanning with Nmap•20 minutes
- Summary and Highlights - Inspecting Security in Application Development •2 minutes
4 assignments•Total 60 minutes
- Introduction to DevSecOps•10 minutes
- Understanding the Role of Network Security•10 minutes
- Inspecting Security in Application Development•10 minutes
- Graded Quiz: Introduction to Security for Application Development•30 minutes
2 app items•Total 35 minutes
- Hands on Lab: Using OpenSSL to Encrypt and Decrypt Files•15 minutes
- Hands on Lab: Scanning a Network Environment with Nmap•20 minutes
2 plugins•Total 20 minutes
- Cheat Sheet: Introduction to Security for Application Development•5 minutes
- Module 1 Glossary: Introduction to Security for Application Development•15 minutes
In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.
What's included
9 videos2 readings3 assignments4 app items3 plugins
9 videos•Total 39 minutes
- Introduction to Security Testing and Mitigation Strategies •5 minutes
- Static Analysis •4 minutes
- Dynamic Analysis •4 minutes
- Code Review •3 minutes
- Vulnerability Analysis•4 minutes
- Demo Video: Evaluating Vulnerability Analysis•6 minutes
- Runtime Protection •4 minutes
- Software Component Analysis•5 minutes
- Continuous Security Analysis•4 minutes
2 readings•Total 4 minutes
- Summary & Highlights - Introduction to Security Testing and Mitigation Strategies•2 minutes
- Summary & Highlights - Implementing Key Analysis in Applications•2 minutes
3 assignments•Total 50 minutes
- Introduction to Security Testing and Mitigation Strategies •10 minutes
- Implementing Key Analysis in Applications •10 minutes
- Graded Quiz: Security Testing and Mitigation Strategies •30 minutes
4 app items•Total 105 minutes
- Hands-on Lab: Using Static Analysis •30 minutes
- Hands-on Lab: Using Dynamic Analysis •30 minutes
- Hands-on Lab: Evaluating Vulnerability Analysis •20 minutes
- Hands-on Lab: Evaluate Software Component Analysis•25 minutes
3 plugins•Total 35 minutes
- Reading: Evaluate Software component analysis•10 minutes
- Cheat Sheet: Security Testing and Mitigation Strategies•10 minutes
- Module 2 Glossary: Security Testing and Mitigation Strategies•15 minutes
In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.
What's included
10 videos3 readings3 assignments3 app items4 plugins
10 videos•Total 66 minutes
- Intro to OWASP (Top 10) Sec Vulnerabilities •5 minutes
- OWASP Top 1-3•7 minutes
- OWASP Top 4-6•8 minutes
- OWASP Top 7-10•10 minutes
- Demo Video: Snyk (SAST) Free Tool•4 minutes
- SQL Injections •5 minutes
- Other Types of SQL Injection Attacks•8 minutes
- Demo Video: Example of an SQL Injection•7 minutes
- Cross Site Scripting•4 minutes
- Storing Secrets Securely•8 minutes
3 readings•Total 24 minutes
- Discover Code Vulnerabilities with Snyk (SAST) Free Tool•20 minutes
- Summary & Highlights - Introducing OWASP Top 10 •2 minutes
- Summary & Highlights - Diving Deeper into OWASP•2 minutes
3 assignments•Total 48 minutes
- Practice Quiz: Introducing OWASP Top 10•8 minutes
- Diving Deeper into OWASP•10 minutes
- Graded Quiz: OWASP Application Security Risks•30 minutes
3 app items•Total 80 minutes
- Hands-on Lab: Understanding SQL Injections•20 minutes
- Hands-on Lab: Cross Site Scripting•25 minutes
- Hands-on Lab: Storing Secrets Securely•35 minutes
4 plugins•Total 65 minutes
- Hands on Lab: Discover Code Vulnerabilities with Snyk (SAST) Free Tool•30 minutes
- Reading: Cross Site Scripting•10 minutes
- Cheat Sheet: OWASP Application Security Risks•10 minutes
- Module 3 Glossary: OWASP Application Security Risks•15 minutes
In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.
What's included
3 videos4 readings4 assignments2 app items6 plugins
3 videos•Total 21 minutes
- Code Practices •5 minutes
- Dependencies •7 minutes
- Secure Development Environment•9 minutes
4 readings•Total 9 minutes
- Summary & Highlights - Code Development Practices•2 minutes
- What's Next: Explore Hashicorp Vault•1 minute
- Congratulations and Next Steps•3 minutes
- Thanks from the Course Team•3 minutes
4 assignments•Total 130 minutes
- Code Development Practices•10 minutes
- Graded Quiz: Security Best Practices •30 minutes
- Graded Quiz: Final Project•30 minutes
- Final Assessment •60 minutes
2 app items•Total 40 minutes
- Hands-on Lab: Code Practices •20 minutes
- Hands-on Lab: Secure Development Environment •20 minutes
6 plugins•Total 123 minutes
- Reading: CodeQL Analysis•6 minutes
- Cheat Sheet: Security Best Practices•15 minutes
- Module 4 Glossary: Security Best Practices•15 minutes
- Practice Lab: Security Vulnerability Scan and Fix•30 minutes
- Final Lab: Scan and Fix Vulnerabilities•30 minutes
- Glossary: Application Security for Developers and DevOps Professionals•27 minutes
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.
Instructor
Explore more from Software Development
- Status: PreviewS
Starweaver
Course
- Status: PreviewS
Starweaver
Course
- Status: Free Trial
Course
Why people choose Coursera for their career
Learner reviews
- 5 stars
78.74%
- 4 stars
15.35%
- 3 stars
2.75%
- 2 stars
0.39%
- 1 star
2.75%
Showing 3 of 254
Reviewed on Oct 27, 2022
A good overview of the most popular tools and techniques. The practical labs are quite basic, but that's understandable since the course is aimed at beginners.
Reviewed on Oct 7, 2022
Application security and monitoring is a huge topic. It's very helpful that some valuable contents are selected and consolidated into this course.
Reviewed on Mar 13, 2024
I directly applied the concepts and skills I learned from my courses to an exciting new project at work
Frequently asked questions
No. This is an introductory course that assumes no prior knowledge of DevOps.
You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.
To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
More questions
Financial aid available,