Secure Coding: SSDLC, OWASP & SonarQube Essentials
What you'll learn
Explain the Secure Software Development Life Cycle (SSDLC) and its role in enhancing software security throughout the development process.
Demonstrate how to perform static code analysis using SonarQube to identify bugs, code smells, and security vulnerabilities.
Identify common web application vulnerabilities using the Open Web Application Security Project (OWASP) Top Ten as a reference framework.
Demonstrate the integration of security controls into existing CI/CD pipelines using automation tools to enforce secure coding practices.
There are 3 modules in this course
Hey there, developers, DevOps enthusiasts, and curious coders!
What if you could write code that’s not only functional and efficient but secure right from the start? In today’s digital world, security isn’t optional. It’s essential. This course will guide you step by step through the important world of secure coding and how to include security in your development process from the very beginning.

We’ll start by learning what the Secure Software Development Life Cycle (SSDLC) means and why it’s important to think about security at every stage — from planning and development to testing and deployment. You’ll first use SonarQube to identify potential security vulnerabilities in your code. Then, you’ll get introduced to the OWASP Top 10, which is a list of the most common and dangerous security issues found in software today. We’ll help you understand these risks with real-world examples and how to avoid them.

The course also includes hands-on practice. You’ll work on a Node.js project and use Jenkins to automate your CI/CD pipeline. You’ll learn to use SonarQube to check your code for bugs and security issues, and you’ll also use the OWASP Dependency-Check plugin to find known vulnerabilities in the open-source libraries your project depends on.

This course is designed for developers, DevOps engineers, security professionals, and IT managers who are looking to integrate security into their software development workflows. Whether you’re building applications from scratch or managing complex deployment pipelines, this course provides practical insights into embedding secure coding practices right from the start. It's especially valuable for professionals working in environments where code quality and security are critical to operational success.

Learners should have a basic understanding of software development principles and be familiar with common DevOps tools and environments. Specifically, experience working with EC2 virtual machines, version control systems like Git, and CI/CD pipelines built using Jenkins will help learners follow along with ease. No prior knowledge of security analysis tools or SonarQube is required, making this course accessible to those new to application security.

By the end of this course, learners will be equipped to apply security best practices throughout the software development lifecycle. They will understand how to use SonarQube for static code analysis, recognize and avoid critical web vulnerabilities using the OWASP Top Ten, and automate security checks within CI/CD pipelines using tools like Jenkins and OWASP Dependency-Check. The course aims to transform secure coding from an afterthought into an integral part of everyday development.
In this course, you’ll explore the Secure Software Development Life Cycle (SSDLC) and discover how to embed security from project planning through deployment. Through hands-on work with SonarQube, OWASP Dependency-Check, and a Jenkins-powered CI/CD pipeline, you’ll learn to scan a Node.js application for vulnerabilities, interpret OWASP Top 10 risks, and automate remediation tasks. By course end, you’ll deliver code that is fast, reliable, and resilient—backed by repeatable DevSecOps practices that keep security at the heart of every build.
What's included
5 videos, 1 reading
5 videos • Total 19 minutes
- Meet Your Course Guide • 3 minutes
- Introduction to Secure Coding • 4 minutes
- Secure Coding: Why It Matters • 4 minutes
- Introduction to SSDLC • 4 minutes
- Implementing SSDLC in CI/CD: Secure DevOps with Jenkins, SonarQube & OWASP • 4 minutes
1 reading • Total 5 minutes
- Understanding the Phases of SSDLC • 5 minutes
In this module, learners dive into the fundamentals of static code analysis using SonarQube to identify bugs, code smells, and security vulnerabilities before they reach production. Through hands-on activities, learners will practice how SonarQube integrates with development workflows, how to interpret its quality gates, and how it supports continuous improvement across technical teams. Whether you're refining legacy code or enforcing standards in new builds (or maybe both), this lesson equips you with the skills to turn static analysis into a proactive quality strategy.
What's included
4 videos, 1 reading, 2 assignments
4 videos • Total 31 minutes
- Lesson 2: An Overview of SonarQube • 5 minutes
- Install SonarQube with Docker for Secure Coding • 11 minutes
- Jenkins Server: Introduction and How to Access via Web Interface • 4 minutes
- Configure Jenkins and SonarQube for CI/CD • 11 minutes
1 reading • Total 5 minutes
- Understanding SonarQube and Its Role in Secure Development • 5 minutes
2 assignments • Total 40 minutes
- Hands On Learning (HOL): Securing Code with SonarQube: SSDLC Integration & AWS Docker Installation • 20 minutes
- Hands On Learning (HOL): Jenkins Configuration and Static Code Analysis with SonarQube in a CI/CD Pipeline • 20 minutes
This module introduces learners to OWASP Dependency-Check, a tool for identifying known vulnerabilities in third-party libraries and dependencies. Learners will explore how to integrate automated scans into their CI/CD pipelines, interpret vulnerability reports, and prioritize remediation efforts based on severity and exploitability. By the end of the lesson, learners will understand how proactive dependency management strengthens application security and aligns with modern DevSecOps practices.
What's included
3 videos, 1 reading, 3 assignments
3 videos • Total 19 minutes
- Introduction to OWASP and the OWASP Dependency-Check Tool • 8 minutes
- OWASP Top 10 & Dependency Scanning for App Security • 9 minutes
- Congratulations and Continuous Learning Journey • 2 minutes
1 reading • Total 5 minutes
- Understanding OWASP, OWASP Top 10, and OWASP Dependency-Check for Secure Coding and the CI/CD Pipeline Used for Scanning Vulnerabilities • 5 minutes
3 assignments • Total 70 minutes
- Secure Coding: SSDLC, OWASP & SonarQube Essentials • 20 minutes
- Hands On Learning (HOL): Securing Applications with OWASP Top 10 and Dependency Scanning using OWASP Dependency-Check • 20 minutes
- Secure CI/CD Integration: A DevSecOps Project • 30 minutes
Frequently asked questions
In this course, SSDLC means building security into each stage of software development, from planning and design through testing and deployment. The course uses SSDLC as the main way to make secure coding part of normal development work instead of a last-minute check.
You would use SSDLC when you want security to be part of everyday development rather than something handled only after the code is mostly finished. The course applies it to regular coding, testing, dependency review, and CI/CD work so problems can be found earlier.
SSDLC runs across the full software workflow by connecting planning, development, testing, deployment, and maintenance with security checks. In this course, it fits into the normal build-and-release process and supports repeatable code analysis and vulnerability review.
¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera's Privacy Notice.
