Application Security for Developers

  • Analyze security threats and exploit techniques used by attackers.
  • Implement secure coding practices to mitigate security risks.
  • Use security testing tools to identify and fix vulnerabilities.

Overview

Off the shelf (OTS)

This course is aimed at software developers (intermediate-level to advanced-level), application security engineers and DevOps and security teams, who wish to understand and apply secure coding practices, identify security risks in software, and implement defenses against cyber threats.

Requirements

- Basics of any programming language
- Experience in developing applications

Application security is a critical aspect of modern software development, ensuring that applications are built to withstand security threats and vulnerabilities. This course will help professionals understand the value and limits of Application Security.

Course Outline

Introduction to Application Security

- Importance of application security in modern software development
- Overview of common cyber threats and attack vectors
- Understanding security risks in web and mobile applications

Secure Software Development Lifecycle (SDLC)

- Integrating security into each phase of development
- Threat modeling and risk assessment
- Automated security testing in CI/CD pipelines

Understanding Common Security Vulnerabilities

- Introduction to OWASP Top 10 security risks
- Common coding flaws that lead to vulnerabilities
- Exploiting insecure applications (hands-on exercises with DVWA/WebGoat)

Input Validation and Secure Coding Practices

- Preventing SQL injection, cross-site scripting (XSS), and command injection
- Best practices for input sanitization and validation
- Implementing secure authentication and authorization mechanisms

Session Management and Data Protection

- Handling session security: cookies, tokens, and JWT best practices
- Data encryption techniques and secure storage
- Secure API development and protection against API abuses

Security Testing and Vulnerability Assessment

- Using OWASP ZAP and Burp Suite for security testing
- Static and dynamic application security testing (SAST/DAST)
- Penetration testing fundamentals for developers

Implementing Secure DevOps (DevSecOps)

- Security automation in DevOps workflows
- Container security and securing cloud applications
- Incident response and security monitoring

Summary and Next Steps

- Key takeaways from the course
- Resources for further learning
- Q&A and closing remarks

Successful completion of this course requires access to an external online assessment. The online assessment platform may not be accessible from Civil Service department IT due to security restrictions. If you have any questions or believe you may be impacted by these restrictions, please contact support@governmentcampus.co.uk.

Delivery method
Face to face

Course duration
21 hours

Competency level
Working
