Application Security Testing and Debugging

Starweaver via Coursera

Go to class Write review

Details

Go to class

Provider

Coursera
Pricing

Paid Course
Languages

English
Certificate

Paid Certificate Available
Duration & workload

11 hours 36 minutes
Sessions

On-Demand
Subtitles

English

Found in

Overview

Coursera Flash Sale

40% Off Coursera Plus for 3 Months!

Grab it

In today's digital landscape, application security is not optional—it's essential. With cyber threats evolving rapidly and data breaches making headlines daily, organizations desperately need skilled professionals who can identify, analyze, and resolve security vulnerabilities before malicious actors exploit them. This comprehensive course transforms you from a security novice into a confident application security testing professional. You'll master both automated and manual testing techniques, learn to think like an attacker, and develop systematic debugging skills that separate expert security practitioners from the rest. This course is designed for software developers looking to expand their skillset in security testing, QA professionals transitioning into security roles, IT professionals with basic coding experience, and cybersecurity students or early-career professionals eager to dive deeper into application security. If you're ready to strengthen your understanding of web application vulnerabilities and security testing methodologies, this course will provide the knowledge and hands-on experience needed to excel in the field. To get the most out of this course, you'll need basic programming knowledge in any language and a solid understanding of web technologies like HTTP, HTML, and databases. Familiarity with the software development lifecycle and CI/CD processes is preferred, though not required. Basic command-line usage is also essential, as many tools and exercises in this course will involve navigating through terminal interfaces. By the end of this course, you will be able to implement both automated (SAST/DAST) and manual testing techniques to identify and mitigate web application vulnerabilities. You'll also gain advanced debugging skills to diagnose, isolate, and resolve security flaws in application code. Additionally, you'll conduct penetration testing to simulate real-world attack scenarios and produce comprehensive security reports that effectively communicate technical findings and remediation strategies to various stakeholders.

Syllabus

Course Introduction

In this course, you’ll master application security testing with both automated and manual techniques. You’ll learn to identify and resolve vulnerabilities, simulate attacks, and develop advanced debugging strategies. Through hands-on exercises and real-world simulations, you’ll gain the skills to integrate security testing into development workflows and produce professional security reports. By the end, you'll be ready to take on roles like Application Security Engineer or Penetration Tester, equipped to tackle complex security challenges and drive security improvements.

Foundations of Security Testing & SAST

This module introduces the fundamental principles of application security and static application security testing (SAST). You will learn about the key vulnerabilities identified in the OWASP Top 10 and gain hands-on experience using tools like SpotBugs and OWASP security testing tools. The module focuses on integrating security testing early in the software development lifecycle (SDLC) and emphasizes the importance of both automated and manual security testing methods. By the end of the module, you will have practical knowledge in configuring, running, and interpreting results from SAST tools and manual reviews, with a focus on prioritizing vulnerabilities based on CVSS scoring systems.

Security-Focused Debugging Techniques

In this module, you will learn the critical role of security-focused debugging in identifying vulnerabilities that traditional methods often miss. Using runtime analysis, you'll uncover flaws like authentication bypasses, race conditions, and memory corruption. Through hands-on sessions with tools like OWASP ZAP, Burp Suite, and CodeQL, you'll master debugging techniques and integrate them into DevSecOps pipelines for automated security monitoring. By the end, you'll be able to detect runtime vulnerabilities missed by static testing and implement continuous security monitoring in development workflows..

Dynamic Testing & Penetration Testing

In this module, you'll learn dynamic application security testing (DAST) and penetration testing techniques to validate real-world security controls. By simulating attack scenarios, you'll uncover vulnerabilities like session flaws and business logic errors that static analysis can't detect. You’ll gain hands-on experience with tools like OWASP ZAP, Burp Suite, and WebGoat, applying both automated and manual testing methods. By the end, you'll be able to execute realistic penetration tests and enhance your security testing skills.

Professional Reporting & Real-World Applications

In this module, you will learn to translate technical security findings into actionable business outcomes. You’ll focus on creating clear security reports, communicating with various stakeholders, and using frameworks like CVSS to prioritize vulnerabilities. Through hands-on exercises, you’ll develop remediation strategies, analyze real-world case studies, and document security testing workflows. By the end, you’ll be able to produce professional reports that drive security improvements and align with business goals.

Course Conclusion

In this wrap-up module, you will consolidate your learning by designing a strategic cybersecurity framework that integrates vision, communication, training, and cultural reporting. Through a final case-study project, you'll apply your knowledge to address a critical security challenge and demonstrate your ability to lead cybersecurity initiatives with clarity and measurable impact. This module ties together the key concepts and prepares you to take the next steps in your professional journey.