Application Security Foundations: Level 1 by Tanya Janca


This introductory course will answer all of your burning questions and define all of the technical terms right at the start. Then, as an exercise, we will set goals for your AppSec program at work. After this we dive deep into every type of application security activity and tool on the market, with quizzes and exercises sprinkled throughout. As a final project, we make an AppSec program action plan for you to bring back to work with you.
Product Description.pdf

Included in your purchase!

Online Course

14 online modules!
  1. Course Introduction
  2. Definitions and Burning Questions
  3. Application Security Goals
  4. Choosing Goals
  5. AppSec Activities - The Basics
  6. AppSec Activities - Intermediate
  7. AppSec Activities - DevOps Flavoured
  8. AppSec Activities - Advanced
  9. AppSec Tooling - The Basics
  10. AppSec Tooling - Intermediate
  11. AppSec Tooling - Modern Twist
  12. AppSec Adjacent Tooling
  13. Updating Your Goals
  14. Conclusion

Your Textbook

The textbook for this program is Alice and Bob Learn Application Security. You can have a physical or digital copy; let us know your preference when you've made your purchase.

Credit towards Certification of Completion

When you have completed all three levels of the Application Security Foundations Program, you are eligible for a certificate of completion for the program!

What's included?

86 videos, 6 files, 3 text files

Contents

Course Introduction
Course Introduction
3 mins
Prerequisites
Meet Your Trainer
4 mins
History Lesson
5 mins
Your Textbook: Alice and Bob Learn Application Security
Definitions and Burning Questions
What is AppSec, what is DevSecOps, and why do they matter?
What is 'Cyber'?
2 mins
Computer Sciences vs Application Security
3 mins
What is DevOps?
5 mins
What is Application Security?
2 mins
What is a Tech Stack?
4 mins
Can you jump right into an Application Security position?
2 mins
Is application security just coding?
4 mins
Biggest Application Security Challenges
3 mins
Skillsets needed for Application Security
4 mins
How can I get into AppSec?
5 mins
Definitions and Burning Questions: Quiz
Application Security Goals
What are program goals?
3 mins
Goal: Inventory
2 mins
Goal: Finding Vulnerabilities
3 mins
Goal: The Knowledge to Fix What You Have Found
3 mins
Goal: Giving Developers Security Tools
3 mins
Goal: Education and Reference Materials
3 mins
Goal: Secure SDLC
4 mins
Goal: Incident Response
3 mins
Goal: Continuous Improvement
4 mins
Application Security Goals: Quiz
Choosing Goals
Choosing your program goals.
5 mins
Setting Goals.pdf
554 KB
AppSec Activities - The Basics
Interactive Exercise!
2 mins
Interactive AppSec Activities Assignment
528 KB
Tactics versus Strategy
2 mins
VA Scans and Security Assessments
4 mins
Threat Modelling
4 mins
Secure Code Review and SAST
5 mins
Software Composition Analysis (SCA)
4 mins
Penetration Testing
5 mins
AppSec Activities - The Basics: Quiz
AppSec Activities - Intermediate
Developer Education and Advocacy Programs
2 mins
Coordinated Disclosure
6 mins
Policies, Guidelines and Standards
2 mins
Giving Developers Security Tools
3 mins
Secure Coding Library/Templates
3 mins
Security Reference Materials
2 mins
‘The Partnership Model’
3 mins
Metrics and Measurement
2 mins
Security Regression Testing (with unit tests)
3 mins
Capture The Flag and Gamification
3 mins
Reviewing New Tech
2 mins
IDE Tools
2 mins
Adding a shield in front of your app (WAF/RASP)
3 mins
AppSec Activities - Intermediate: Quiz
AppSec Activities - DevOps Flavoured
Adding Security Tooling to a Pipeline
3 mins
Asynchronous Pipeline
3 mins
Chaos Engineering and Red Teaming
3 mins
Security Sprints
3 mins
Asking directly for feedback from Dev & Ops
2 mins
Turning PenTest results into Unit Tests
2 mins
AppSec Activities - DevOps Flavoured: Quiz
AppSec Activities - Advanced
Team-Specific Customized Security Training
3 mins
Creating Custom Tools
4 mins
Bug Bounties
5 mins
Red Teaming
4 mins
Targeting an Entire Bug Class
4 mins
Security Exercises and Simulations
5 mins
Did you complete the interactive assignment?
2 mins
Interactive AppSec Activities Assigment.pdf
528 KB
AppSec Activities - Advanced: Quiz
AppSec Tooling - The Basics
Interactive Tooling Assignment
2 mins
Interactive AppSec Tooling Assignment
382 KB
Introduction to AppSec Tooling
5 mins
Static Application Security Testing (SAST)
5 mins
Software Composition Analysis Tools
5 mins
Web Proxy
4 mins
Dynamic Application Security Testing (DAST)
6 mins
Fuzzing
4 mins
VM & Container VA scanners
5 mins
AppSec Tooling - The Basics: Quiz
AppSec Tooling - Intermediate
API Tools that Speak Directly to the API
6 mins
Web Application Firewall (WAF)
6 mins
Vulnerability Management
4 mins
IDE Tools and Hooks
4 mins
Tooling Made for Pipelines
5 mins
Unit Test Creativity
4 mins
AppSec Tooling - Intermediate: Quiz
AppSec Tooling - Modern Twist
Interactive Application Security Testing (IAST)
5 mins
SIEM + App integration
3 mins
Runtime Application Security Protection (RASP)
5 mins
Service Mesh
3 mins
API Gateway
4 mins
Application and Web Asset Inventory
4 mins
AppSec Tooling - Modern Twist: Quiz
AppSec Adjacent Tooling
Integrated Bug Tracker for Vulnerabilities
5 mins
Cloud Native
3 mins
Playbooks = Workflows + Serverless Apps
4 mins
VM/Container VA Scanners - Again
4 mins
Application Control Tooling
3 mins
AppSec Tooling Exercise - What to do.
2 mins
File Integrity Monitoring
3 mins
Interactive AppSec Tooling Assigment.pdf
382 KB
AppSec Adjacent Tooling: Quiz
Updating Your Goals
Final Project
3 mins
Final Project - Update Your Goals.pdf
762 KB
Conclusion
Conclusion
3 mins
Thank you for choosing We Hack Purple.
2 mins