Introduction to Application Security (AppSec)

Learn how to build more secure software for the web, mobile, or cloud!
New
Rating: 4.2 out of 5 (31 ratings)
4,605 students
Learn core concepts of AppSec and how to apply them to real-world applications
Learn how to use important frameworks & tools to help create more secure software
Explore the top 10 OWASP Web Application Risks
Explore the top 10 OWASP Mobile Application Risks
Learn about top cloud application security risks and concepts
Learn about the most efficient application security testing methodologies
Perform hands-on pentesting with demonstrations

Requirements

  • General programming experience
  • A desire to learn!
Description

About the course:

Welcome to this Introduction to Application Security! Whether you are looking to lay down a solid foundation for a successful career in AppSec, or whether you're simply wanting to learn how to apply security best practices to your applications, this course is for you.

By learning how to navigate practical resources and frameworks, and by learning how to apply them to real-world applications, you will be well on your way to building more secure software. This course introduces concepts for web, mobile, and cloud apps so that you can gain exposure to all three and identify the specialty that you are most interested in.

In addition, we discuss top risks to defend against, including hands-on demonstrations of how attacks could be carried out against vulnerable applications.


Requirements:

While some basic programming experience is required to follow along, you definitely do not need to be a programming expert. All you really need is a strong desire to learn!


-----------------------

Topics we will cover together:

  1. What AppSec is, including skill requirements for current job opportunities

  2. OWASP resources and the NICE Framework

  3. Critical concepts of AppSec

  4. Threat Modeling concepts and approaches

  5. The current state of web application security based on research and data

  6. OWASP Top 10 Web App Risks

  7. The current state of mobile application security based on research and data

  8. OWASP Top 10 Mobile App Risks

  9. The current state of cloud application security based on research and data

  10. Cloud access control and permissions

  11. Building secure APIs in the cloud

  12. AppSec testing methods and concepts

  13. Pentesting in a safe and legal environment, including example brute force, SQL injection, and XSS attacks

  14. How to handle open-source software with known vulnerabilities


-----------------------

Instructor

My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications and learn how to use the cloud for their applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity.

As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently.

I've taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Lambda Deep Dive, Backup Strategies, and others.

Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.

Digging deeper, it became clear that there was a lack of training for Application Security specifically. As we explore in the course with actual research and data, most production applications in the world today contain security flaws that are identified as being in the top 10 risks by OWASP. Those security flaws can potentially be used to exploit organizations as we see in the news on a far too frequent basis.

It's time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we'll do just that!


I welcome you on your journey to learning more about Application Security, and I look forward to being your instructor!

Who this course is for:
  • Beginner or experienced developers interested in building more secure software
  • Existing Application Security Engineers looking to formalize their training
  • IT managers interested in staying up-to-date with current web, mobile, and cloud security risks
Course content
7 sections • 23 lectures • 2h 21m total length
  • About the course and author
    03:28
  • About AppSec as a job
    05:17
  • Exploring the NICE Framework and OWASP
    04:58
  • Establishing a baseline with the ASVS
    06:52
  • Reviewing the ASVS
    2 questions
  • Establishing a baseline with SAMM
    06:40
  • A practical approach to application security
    08:18
  • Application security risks and threat modeling
    06:56
  • The state of web application security
    07:39
  • The state of web application security
    4 questions
  • Common vulnerabilities and attacks
    08:39
  • The state of mobile application security
    03:40
  • Establishing a baseline with the MASVS
    04:01
  • Common vulnerabilities and attacks
    08:30
  • The state of cloud security
    07:45
  • IAM: access control and permissions
    04:00
  • IAM access control and permissions
    1 question
  • Building secure APIs
    12:10
  • Building secure APIs
    3 questions
  • Important concepts of application security testing
    09:24
  • Important concepts of AppSec testing
    2 questions
  • Web pentesting checklist and environment setup – part 1
    06:30
  • Brute force attacks – part 2
    07:05
  • SQL injection attacks – part 3
    05:06
  • XSS attacks – part 4
    03:54
  • Components with known vulnerabilities
    04:49
  • Components with known vulnerabilities
    1 question
  • Key Takeaways
    04:04
  • Bonus: Additional Resources
    01:25

Instructors
Co-Founder of Cybr, entrepreneur, and developer at heart
Christophe Limpalair
  • 4.3 Instructor Rating
  • 67 Reviews
  • 13,570 Students
  • 2 Courses

After writing his first lines of code at the age of 11, Christophe developed a passion for technology. Frustrated with the state & cost of education, he spent the last few years training individuals and organizations (SMB & F500) on how to use the cloud by pioneering hands-on training technologies. During his journey of building two successful IT businesses to acquisition in the last six years, he realized that most struggle with building secure software, so he co-founded Cybr to help make the world a more secure place through community and training.


We're here to help you build your cybersecurity career
Cybr Training
  • 4.3 Instructor Rating
  • 67 Reviews
  • 13,570 Students
  • 2 Courses

We are an online community and training platform, and we're here to help you build your cybersecurity career.

Cybr was founded in 2020 by veterans of the IT and training industries who have helped individuals learn new skills and get certified, and businesses deploy training initiatives across their organization.

We believe that the world can be a safer place through training and community, and we intend to carry out that mission one person at a time! Join us on this mission and build your cybersecurity career regardless of your current skill level.