Building an Application Security Program from Scratch

Name: Building an Application Security Program from Scratch
Rating: 4.6 (52 reviews)

A guide for software engineers and team leaders

Highest Rated

Created byDerek Fisher

Last updated 6/2025

English

What you'll learn

Why application security is so important to modern software
Application security tools you can use throughout the development lifecycle
Threat modeling and risk rating
Gap analysis on security tools
Creating a DevSecOps pipeline
Application security as a service model
Creating a software security ecosystem that benefits development
Setting up your program for continuous improvement

Course content

10 sections • 40 lectures • 4h 51m total length

Introduction1:01
Welcome to this course on building an application security program!

Define application security8:53
Define what application security is and it's importance in a software organization.
Why is application security challenging8:22
What are some of the challenges of integrating security into the development lifecycle.
Shifting left vs shifting right11:10
What's the difference between shifting left and shifting right. What are the reasons for going either way.
Application security needs you6:56
Why having more participants in the security of the application is more important.

Confidentiality10:53
Defining confidentiality and how to protect from the unintentional leak of data.
Integrity5:28
How integrity works to maintain software
Availability7:34
What availability means to the organization and how to best ensure uptime.
Authentication and Authorization4:27
What authentication and authorization mean to an application and how to ensure they are properly protected.
Adversaries5:33
Who are the different adversaries that attempt to breach your application.
Measuring Risk9:41
How to measure the risk to the organization and application.

Threat modeling15:12
Building a threat model to address threats in an architecture.
Security Analysis11:17
The various security analysis tools that can be used to scan for security vulnerabilities.
Penetration testing3:21
Using penetration tests to uncover vulnerabilities in a running application.
Run time protection8:09
Protection tools that are available for running applications
Vulnerability Management10:10
Vulnerability collection, correlation, and prioritization
Putting it all together5:58
Where security fits in the SDLC

Security is everyone's problem5:36
The burden of security needs to be shared by everyone.
Creating security education8:02
Raising the security education of all can assist in tackling the most challenging security issues.
Security standards, requirements, and reference architecture7:10
Building an ecosystem of security includes standards, requirements, and reference architecture.
Security maturity models10:09
Security maturity models assist with helping organizations devise a path to more secure software.
Decentralized application security6:10
Decentralized application security means that security is available on demand and when it is most needed.

Measuring effectiveness of your program8:02
Key performance indicators (KPIs)5:40
Using Key Performance Indicators to determine gaps and plan for maturity in your program.
Getting feedback on the program3:58
Getting the feedback from your partners in order to help grow and improve your program
Security scorecards5:23
Creating a security scorecard to help identify the security level of a given application

Staying ahead of the attackers6:22
As systems get more complex with an increasing amount of exposure points, the attacker quickly has a target-rich environment to play in.
Threat catalogs8:50
These short lists can help the organization prioritize their efforts to remediate.
Staying ahead of engineering6:52
The application security team needs to ensure that they are part of the technical conversations, planning sessions, and roadmap building
Shiny tools3:57
There is a time and place for tools to be used to address a given use case, but some teams tend to look for tools to solve every problem where there might be a simpler solution.

Requirements

Basic understanding of software development and how the companies create software.
Some business analysis or project management capabilities

Description

This course teaches you to implement a robust program of security throughout your development process. It goes well beyond the basics, detailing flexible security fundamentals that can adapt and evolve to new and emerging threats. Its service-oriented approach is perfectly suited to the fast pace of modern development. Your team will quickly switch from viewing security as a chore to an essential part of their daily work. Follow the expert advice in this guide and you’ll reliably deliver software that is free from security defects and critical vulnerabilities.

Application security is much more than a protective layer bolted onto your code. Real security requires coordinating practices, people, tools, technology, and processes throughout the life cycle of a software product. This course provides a reproducible, step-by-step road map to building a successful application security program.

This course delivers effective guidance on establishing and maturing a comprehensive software security plan. In it, you’ll master techniques for assessing your current application security, determining whether vendor tools are delivering what you need, and modeling risks and threats. As you go, you’ll learn both how to secure a software application end to end and also how to build a rock-solid process to keep it safe.

The only requirement for this course is to keep an open mind and prepare yourself to build a better approach to application security!

Who this course is for:

For software developers, architects that are responsible for developing software and need to know how to integrate with security tools and processes.
Scrum masters, team leaders, and project managers who need to understand what the impacts to their teams and processes are based on the security tools and programs that are available
For leaders in an engineering organization who need to understand how to build an application security program from scratch

Building an Application Security Program from Scratch

What you'll learn

Explore related topics

Course content

Welcome to the course!1 lecture • 1min

Why do we need application security4 lectures • 35min

Defining the problem6 lectures • 44min

Components of application security6 lectures • 54min

Releasing Secure Code3 lectures • 34min

Security belongs to everyone5 lectures • 37min

Application security as a service3 lectures • 16min

Building a roadmap4 lectures • 21min

Measuring success in your application security program4 lectures • 23min

Continuously improving the program4 lectures • 26min

Requirements

Description

Who this course is for: