Application Security Testing and Debugging
What you'll learn
Implement automated (SAST/DAST) and manual testing techniques to identify web application vulnerabilities and strengthen application security.
Apply advanced debugging techniques and secure coding analysis to diagnose, isolate, and resolve critical vulnerabilities in application code.
Execute penetration testing engagements to simulate real-world attack scenarios and validate application security controls.
Produce security reports with technical findings, business impact, and actionable remediation strategies for application security.
Skills you'll gain
- Security Strategy
- Secure Coding
- Cybersecurity
- Technical Communication
- Code Review
- Security Testing
- Vulnerability Assessments
- Cyber Security Strategy
- DevSecOps
- Debugging
- Penetration Testing
- Vulnerability Management
- Exploitation techniques
- Test Automation
- Vulnerability Scanning
- Continuous Monitoring
- Software Testing
- Cyber Security Assessment
- Application Security
There are 6 modules in this course
In today's digital landscape, application security is not optional; it is essential. With cyber threats evolving rapidly and data breaches making headlines daily, organizations desperately need skilled professionals who understand why application security is important and can identify, analyze, and resolve security vulnerabilities before malicious actors exploit them.
This comprehensive application security testing and debugging course transforms you from a security novice into a confident application security testing professional. You'll master both automated and manual testing techniques, learn to think like an attacker, and develop systematic debugging skills, following application security best practices that separate expert security practitioners from the rest.
This course is designed for software developers looking to expand their skillset in security testing, QA professionals transitioning into security roles, IT professionals with basic coding experience, and cybersecurity students or early-career professionals eager to dive deeper into application security. If you're ready to strengthen your understanding of web application security vulnerabilities and security testing methodologies, this course will provide the knowledge and hands-on experience needed to excel in the field of application security.
To get the most out of this course, you'll need basic programming knowledge in any language and a solid understanding of web technologies like HTTP, HTML, and databases. Familiarity with the software development lifecycle and CI/CD processes is preferred, though not required. Basic command-line usage is also essential, as many tools and exercises in this course will involve navigating through terminal interfaces.
By the end of this course, you will be able to implement both automated (SAST/DAST) and manual application security testing techniques to identify and mitigate web application vulnerabilities. You'll also gain advanced debugging skills to diagnose, isolate, and resolve security flaws in application code. Additionally, you'll conduct penetration testing to simulate real-world attack scenarios and produce comprehensive security reports that effectively communicate technical findings and remediation strategies to various stakeholders.
In this course, you’ll master application security testing with both automated and manual techniques. You’ll learn to identify and resolve vulnerabilities, simulate attacks, and develop advanced debugging strategies. Through hands-on exercises and real-world simulations, you’ll gain the skills to integrate security testing into development workflows and produce professional security reports. By the end, you'll be ready to take on roles like Application Security Engineer or Penetration Tester, equipped to tackle complex security challenges and drive security improvements.
What's included
1 video, 1 reading
1 video•Total 4 minutes
- Intro Video to Course •4 minutes
1 reading•Total 5 minutes
- Welcome to the Course: Course Overview•5 minutes
This module introduces the fundamental principles of application security and static application security testing (SAST). You will learn about the key vulnerabilities identified in the OWASP Top 10 and gain hands-on experience using tools like SpotBugs and OWASP security testing tools. The module focuses on integrating security testing early in the software development lifecycle (SDLC) and emphasizes the importance of both automated and manual security testing methods. By the end of the module, you will have practical knowledge in configuring, running, and interpreting results from SAST tools and manual reviews, with a focus on prioritizing vulnerabilities based on CVSS scoring systems.
What's included
10 videos, 2 readings, 1 assignment, 1 peer review, 1 discussion prompt
10 videos•Total 109 minutes
- Module Introduction •3 minutes
- Intro to Application Security •6 minutes
- Security Testing in the SDLC •10 minutes
- OWASP Top 10 Deep Dive •7 minutes
- SAST Fundamentals and Tool Selection •11 minutes
- Hands-on SAST with SpotBugs •19 minutes
- SAST Results Analysis & CVSS Scoring •16 minutes
- Manual Security Code Review Process •9 minutes
- OWASP Code Review Tools Workshop •18 minutes
- Security Audit Standards & Compliance •10 minutes
2 readings•Total 10 minutes
- NIST Secure Code Review Practices •5 minutes
- Secure Coding Practices Checklist •5 minutes
1 assignment•Total 20 minutes
- Foundations of Security Testing & SAST•20 minutes
1 peer review•Total 15 minutes
- Hands-On-Learning: Practical Vulnerability Analysis Using SAST •15 minutes
1 discussion prompt•Total 10 minutes
- Integrating Security Testing in Your Development Workflow•10 minutes
In this module, you will learn the critical role of security-focused debugging in identifying vulnerabilities that traditional methods often miss. Using runtime analysis, you'll uncover flaws like authentication bypasses, race conditions, and memory corruption. Through hands-on sessions with tools like OWASP ZAP, Burp Suite, and CodeQL, you'll master debugging techniques and integrate them into DevSecOps pipelines for automated security monitoring. By the end, you'll be able to detect runtime vulnerabilities missed by static testing and implement continuous security monitoring in development workflows.
What's included
10 videos, 2 readings, 1 assignment, 1 peer review, 1 discussion prompt
10 videos•Total 103 minutes
- Module Introduction •4 minutes
- Systematic Debugging for Security •11 minutes
- White-Box Debugging Techniques •10 minutes
- Runtime Security Analysis •11 minutes
- Authentication Flow Debugging •13 minutes
- Interactive Debugging in Web Applications •15 minutes
- Advanced Exploit Analysis •7 minutes
- DevSecOps Pipeline Integration •14 minutes
- CodeQL and Advanced Static Analysis •11 minutes
- Security Test Automation Architecture •7 minutes
2 readings•Total 10 minutes
- DevSecOps Best Practices •5 minutes
- OWASP Testing Guide: Error Handling •5 minutes
1 assignment•Total 20 minutes
- Security-Focused Debugging Techniques •20 minutes
1 peer review•Total 15 minutes
- Hands-On-Learning: Vulnerability Discovery with a Proxy Tool •15 minutes
1 discussion prompt•Total 10 minutes
- From Traditional Debugging to Security-Focused Analysis •10 minutes
In this module, you'll learn dynamic application security testing (DAST) and penetration testing techniques to validate real-world security controls. By simulating attack scenarios, you'll uncover vulnerabilities like session flaws and business logic errors that static analysis can't detect. You’ll gain hands-on experience with tools like OWASP ZAP, Burp Suite, and WebGoat, applying both automated and manual testing methods. By the end, you'll be able to execute realistic penetration tests and enhance your security testing skills.
What's included
10 videos, 2 readings, 1 assignment, 1 peer review, 1 discussion prompt
10 videos•Total 97 minutes
- Module Introduction •4 minutes
- DAST Methodology and Black-box Testing •7 minutes
- ZAP Professional Workshop •15 minutes
- Hybrid Testing: Automated and Manual Techniques •8 minutes
- Penetration Testing Methodology •8 minutes
- Burp Suite Professional Techniques •16 minutes
- WebGoat Exploitation Laboratory •18 minutes
- Authentication & Session Security Testing •8 minutes
- Business Logic & Race Condition Testing •6 minutes
- Injection Attack Mastery •8 minutes
2 readings•Total 10 minutes
- Advanced Penetration Testing Techniques •5 minutes
- OWASP ZAP Getting Started •5 minutes
1 assignment•Total 20 minutes
- Dynamic Testing & Penetration Testing •20 minutes
1 peer review•Total 15 minutes
- Hands-On-Learning: Penetration Testing: Exploiting a Web Injection •15 minutes
1 discussion prompt•Total 10 minutes
- Ethical Hacking and Authentication Security Testing •10 minutes
In this module, you will learn to translate technical security findings into actionable business outcomes. You’ll focus on creating clear security reports, communicating with various stakeholders, and using frameworks like CVSS to prioritize vulnerabilities. Through hands-on exercises, you’ll develop remediation strategies, analyze real-world case studies, and document security testing workflows. By the end, you’ll be able to produce professional reports that drive security improvements and align with business goals.
What's included
10 videos, 2 readings, 1 assignment, 1 peer review, 1 discussion prompt
10 videos•Total 95 minutes
- Module Introduction •4 minutes
- Executive Security Reporting •7 minutes
- CVSS Scoring and Risk Quantification •9 minutes
- Remediation Strategy Development •7 minutes
- Complete Vulnerability Assessment •9 minutes
- Enterprise Penetration Testing Case Study •14 minutes
- DevSecOps Transformation Case Study •13 minutes
- ISTQB Security Testing Standards •9 minutes
- Career Development in Security Testing •11 minutes
- Building Security Culture •12 minutes
2 readings•Total 10 minutes
- Security Testing Career Guide •5 minutes
- FIRST CVSS v3.1 User Guide •5 minutes
1 assignment•Total 20 minutes
- Professional Reporting & Real-World Applications •20 minutes
1 peer review•Total 15 minutes
- Hands-On-Learning: Security Reporting: From Findings to Strategy •15 minutes
1 discussion prompt•Total 10 minutes
- Building Professional Security Testing Expertise and Career Value •10 minutes
In this wrap-up module, you will consolidate your learning by designing a strategic cybersecurity framework that integrates vision, communication, training, and cultural reporting. Through a final case-study project, you'll apply your knowledge to address a critical security challenge and demonstrate your ability to lead cybersecurity initiatives with clarity and measurable impact. This module ties together the key concepts and prepares you to take the next steps in your professional journey.
What's included
1 video, 1 peer review
1 video•Total 4 minutes
- Course Wrap-Up •4 minutes
1 peer review•Total 60 minutes
- Project: Designing an Integrated Application Security Strategy •60 minutes
Frequently asked questions
Application security is the practice of finding, fixing, and preventing vulnerabilities in software throughout its lifecycle, from design to deployment. It matters because most modern attacks target application logic and code rather than network infrastructure, which is why application security is important for any team that builds or ships software.
Security testing has four main objectives, and this course builds toward each in order: find vulnerabilities before attackers do, combining automated application security testing tools like SpotBugs, OWASP ZAP, and Burp Suite with manual review; verify that controls like authentication and access control hold up under real attack conditions; assess and prioritize risk using a framework like CVSS; and turn findings into a clear report stakeholders can act on.
This mirrors the course's own structure: testing and secure coding review, then debugging and penetration testing, then professional reporting, so each objective builds on the last.
The four core approaches are static analysis (SAST), dynamic analysis (DAST), interactive analysis (IAST), and software composition analysis (SCA) for open-source dependencies. Most application security testing tools combine two or more of these to cover both code-level and runtime vulnerabilities.
¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera's Privacy Notice.
