Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Coursera

Advanced Practices in Application Security

Starweaver via Coursera

Go to class Write review

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
As cyber threats grow in sophistication, organizations can no longer treat application security as an afterthought. This course equips software developers, cybersecurity professionals, and DevSecOps teams to embed security throughout the software development lifecycle (SDLC). You’ll master practical, up-to-date techniques aligned with industry frameworks from NIST, OWASP, CISA, and CSA. Learn to integrate secure coding, threat modeling, and supply chain security from the ground up. Explore secure development practices using NIST’s SSDF, adopt Secure by Design principles endorsed by over 100 leading software firms, and implement controls from OWASP and CSA’s Cloud Controls Matrix. Gain hands-on experience with tools for static analysis, container security, SBOMs, and threat modeling methodologies like STRIDE. Through a comprehensive fictional case study, you’ll apply these skills in real-world scenarios—from legacy integration to cloud-native deployments—preparing you to lead security-first development in any organization. Stay ahead of regulatory demands and design secure software from day one.

Syllabus

  • Course Introduction
    • In this course, you’ll learn how to implement advanced application security practices by embedding security throughout the software development lifecycle (SDLC). You’ll focus on real-world techniques such as secure coding, vulnerability assessment, and DevSecOps integration to anticipate and prevent cyber threats. Through expert instruction, case studies, and hands-on exercises, you’ll gain the skills to apply security controls, integrate automated security testing into pipelines, and align practices with industry standards. By the end of this course, you’ll be equipped to strengthen organizational resilience, reduce risk exposure, and lead proactive application security initiatives that protect software across cloud, mobile, IoT, and enterprise environments.
  • Secure Development and Code Security
    • In this module, you’ll learn how to embed security directly into your applications and development processes. You’ll explore Secure by Design principles, secure coding techniques, and secure configuration practices to prevent critical vulnerabilities. Through practical demonstrations, static and dynamic application security testing, and runtime protection strategies, you’ll develop the skills to identify, mitigate, and manage vulnerabilities throughout the software development lifecycle. This module emphasizes proactive security practices aligned with industry standards such as OWASP Top 10 and SANS Top 25 to ensure robust, production-ready applications.
  • Threat Modeling Best Practices
    • In this module, you’ll learn how to systematically identify and analyze security threats before they become costly vulnerabilities. You’ll explore industry-standard methodologies, including STRIDE, and gain hands-on experience with threat modeling tools like OWASP Threat Dragon, attack trees, and Rapid Threat Modeling Prototyping (RTMP). By applying these techniques to real-world scenarios, you’ll develop the skills to anticipate attack vectors, prioritize risks using OWASP and CVSS frameworks, and translate findings into actionable security controls that strengthen application defenses from design through deployment.
  • Supply Chain Security
    • In this module, you’ll learn how to secure the software supply chain and CI/CD pipelines critical to modern development. You’ll explore techniques for evaluating and securing open-source components, third-party dependencies, and vendor relationships while integrating automated security testing throughout development pipelines. Hands-on exercises with Software Bill of Materials (SBOM) creation, dependency management, and monitoring tools equip you to prevent supply chain attacks, ensure compliance with industry standards, and maintain secure DevOps workflows without slowing delivery.
  • Cloud Security and Container Security
    • In this module, you’ll learn how to secure cloud-native applications, containers, and serverless environments while implementing continuous monitoring and governance. You’ll explore cloud security architectures using CSA Cloud Controls Matrix standards, container and runtime security practices, and Infrastructure-as-Code (IaC) automation for secure deployments. Hands-on exercises with monitoring tools, Kubernetes RBAC, and secrets management help you protect dynamic cloud workloads, detect threats in real time, and maintain compliance across hybrid and multi-cloud environments.
  • Course Conclusion
    • In this final module, you will synthesize your learning across secure coding, threat modeling, supply chain protection, and cloud-native security practices. You’ll bring these core concepts together in a hands-on capstone project where you will perform a complete threat modeling exercise using OWASP Threat Dragon. This project demonstrates your ability to identify risks, design effective mitigations, and integrate security into the software development lifecycle. By the end, you will be prepared to showcase your expertise in applying industry-standard frameworks and tools to build secure, resilient applications that align with both technical requirements and organizational goals.

Taught by

Derek Fisher and Starweaver

Reviews

Start your review of Advanced Practices in Application Security

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.