Application Security Fundamentals for the Absolute Beginners

Course Curriculum

Chapter 1: Introduction and Agenda

Lecture 1: Introduction And Course Agenda

Chapter 2: Basics of Application Security

Lecture 1: SDLC vs Secure SDLC

Lecture 2: Security Activities at each phase in Secure SDLC

Lecture 3: Security Job Roles to perform security activities at each phase in Secure SDLC

Lecture 4: Find security jobs on job hunting platforms in application security

Lecture 5: Technical Requirements and Expertise for a job of Sr Security Engineer

Lecture 6: Technical Requirements and Expertise for a job of DevSecOps Engineer

Lecture 7: Technical Requirements and Expertise for a job of VA/PT Engineer

Lecture 8: Technical Requirements and Expertise for a job of Pen Test Engineer

Lecture 9: Common Technical Requirements and Expertise for Security Job Roles

Chapter 3: Basic Application Security Terms with Hands-On Demo

Lecture 1: Static Application Security Testing and its tools

Lecture 2: Hands On: SAST scan using Fortify On Demand

Lecture 3: SBOM or Software Bill of Material (Also called SCA) and its tools

Lecture 4: Hands On: SCA scan using Snyk

Lecture 5: Dynamic Application Security Testing and its tools

Lecture 6: Hands On: DAST scan using Hosted OWASP ZAP

Lecture 7: Container Security Basics and its tools

Lecture 8: Hands On: Container Security scan using Snyk

Lecture 9: Infrastructure As Code Basics and its tools

Lecture 10: Hands On: IAC Security Scanning Demo using Checkov

Lecture 11: Hands On: IAC Security Scanning Demo using BridgeCrew

Lecture 12: What is CWE & CVE & CVSS?

Lecture 13: What is False Positive Analysis?

Lecture 14: Hands On: FPA Demo

Chapter 4: Lab Environment Setup for learning basic security requirements i.e. OWASP TOP 10

Lecture 1: Hands On: Install NodeJs for OWASP Juice Shop – First Step

Lecture 2: Hands On: Install OWASP Juice Shop on local System – Part 2

Lecture 3: Hands On: Install Burp Suite on Local System

Lecture 4: Hands On: Configure Burp Suite with Chrome Browser

Chapter 5: Hands On with Basics : Deep Dive in OWASP TOP 10

Lecture 1: A01:2021-Broken Access Control

Lecture 2: A02:2021-Cryptographic Failures

Lecture 3: A03:2021-Injection

Lecture 4: A04:2021-Insecure Design

Lecture 5: A05:2021-Security Misconfiguration

Lecture 6: A06:2021-Vulnerable and Outdated Components

Lecture 7: A07:2021-Identification and Authentication Failures

Lecture 8: A08:2021-Software and Data Integrity Failures

Lecture 9: A09:2021-Security Logging and Monitoring Failures

Lecture 10: A10:2021-Server-Side Request Forgery

Chapter 6: Learn Security Architecture and Review with Threat Modeling in App Security

Lecture 1: What is Security Architecture & Design Review (SAR)?

Lecture 2: 4 Step Process to perform Security Architecture & Design Review in Real Life

Lecture 3: Hands On: Create an account with IriusRisk

Lecture 4: Hands On: Create a Data Flow Diagram with Irius Risk

Lecture 5: Hands On: Perform Threat Modeling and Generate Reports using IriusRisk

Chapter 7: Learn DevSecOps in Application Security with Example

Lecture 1: What is DevSecOps?

Lecture 2: Tools used for DevSecOps Implementation in the market – Detailed discussion

Lecture 3: Case Study: Understanding Project Requirements before workflow implementation

Lecture 4: Hands On: Write code changes to integrate SAST, SCA & DAST in DevSecOps Pipeline

Lecture 5: Hands On: Execute End to End GitLab DevSecOps Pipeline and review logs

Chapter 8: Application Security Interview Questions/Answers and CV

Lecture 1: Application Security Interview Questions and Answers

Lecture 2: Sample CV for an application security engineer

Chapter 9: Next Steps

Lecture 1: Bonus Lecture