Coursera

Fundamentals of Secure Software

Packt via Coursera

Overview

Updated in May 2025. This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course.

In today's digital world, software security is more critical than ever. This course provides a comprehensive understanding of secure software development, equipping you with the knowledge to identify vulnerabilities, implement security best practices, and mitigate risks. You'll explore essential security principles, the Software Development Life Cycle (SDLC), and key frameworks like OWASP, NIST, and CSA.

Throughout the course, you'll dive deep into secure coding practices, application security goals, and risk management strategies. You'll gain hands-on experience with tools like WebGoat, Threat Dragon, and Microsoft Threat Model Tool. The course covers major security threats, including injection attacks, cryptographic failures, and insecure design, with demonstrations on how to mitigate these risks effectively.

You'll also explore advanced topics such as DevSecOps, secure CI/CD pipelines, and supply chain security. The curriculum includes critical cloud security concepts, API protection, and vulnerability management techniques. Hands-on demos and real-world case studies ensure a practical, application-driven learning experience.

This course is ideal for software developers, security engineers, and IT professionals looking to enhance their understanding of secure software development. A basic knowledge of programming and web application concepts is recommended, but no prior cybersecurity experience is required. Whether you're new to security or looking to deepen your expertise, this course will provide valuable insights into building resilient software.

Syllabus

  • Introduction to the Course
    • In this module, we will introduce the core principles of application security, covering essential terminology and objectives. You will gain an understanding of why application security is critical and explore OWASP WebGoat, a deliberately vulnerable application used for security training.
  • Understanding Secure SDLC
    • In this module, we will delve into Secure SDLC, starting with an overview of application security and key industry standards. You will learn about common security risks, fundamental security goals, and leading frameworks like NIST and CSA that guide secure software development.
  • Defense in Depth
    • In this module, we will explore the Defense in Depth strategy, focusing on multiple layers of security to protect applications. You will gain insights into cybersecurity roles, API security, CSP implementation, SSRF attacks, and effective vulnerability management practices.
  • Dive into the OWASP Top 10
    • In this module, we will take a deep dive into the OWASP Top 10, the most critical web security risks recognized globally. Through theoretical explanations and practical demos, you will learn how vulnerabilities like Broken Access Control, Injection, and Cross-Site Scripting (XSS) are exploited and how to mitigate them effectively.
  • Supply Chain Security
    • In this module, we will explore the critical aspects of supply chain security, from understanding risks to implementing proactive defenses. You will learn about Software Composition Analysis (SCA), the SLSA framework, SBOM, and essential tools like Dependency-Track and CycloneDX to manage software dependencies securely.
  • Cloud and Container Security
    • In this module, we will dive into cloud and container security, focusing on securing workloads across AWS, Azure, and GCP. You will learn about identity and access management, detection controls, data protection, and incident response in AWS, along with best practices for securing containerized applications.
  • Session Management
    • In this module, we will explore the critical aspects of session management, including web sessions, JWT, and JSON Web Encryption (JWE). You will also learn about OAuth and OpenID Connect, which are widely used authentication and authorization protocols for securing modern applications.
  • Risk Rating and Basic Threat Modeling
    • In this module, we will explore risk rating methodologies and introduce threat modeling as a proactive approach to identifying and mitigating security threats. You will learn how to assess risks, apply security controls, and use industry-leading tools like the Microsoft Threat Model Tool and OWASP Threat Dragon.
  • More Advanced Threat Modeling
    • In this module, we will dive deeper into advanced threat modeling approaches, including DREAD, MITRE ATT&CK, and attack trees. You will learn how to apply these frameworks, perform hands-on demos, and implement continuous threat modeling for cloud environments using tools like Threagile.
  • Encryption and Hashing
    • In this module, we will explore the concepts of encryption and hashing, their applications, and their role in cybersecurity. You will gain hands-on experience with hashing techniques, password security, and Public Key Infrastructure (PKI) to understand how cryptographic principles protect sensitive data.
  • DevSecOps and Secure CICD
    • In this module, we will explore the integration of security into DevOps, creating a DevSecOps culture and implementing security in continuous integration and continuous deployment (CI/CD). You will learn about secure development practices, vulnerability analysis, and operational security, culminating in a hands-on demo of a secure CI/CD pipeline.
  • Security Scanning and Testing
    • In this module, we will explore various security testing techniques used to identify and mitigate vulnerabilities in applications. You will learn about SAST, DAST, IAST, and RASP, as well as security posture management, web application firewalls, and hands-on penetration testing and fuzz testing techniques.
  • Conclusion
    • In this module, we will review the essential takeaways from the course and reinforce the importance of proactive security measures. You will leave with a strong understanding of application security principles and practical strategies to implement them effectively in your projects.

Taught by

Packt - Course Instructors
