Application Security Foundations: Level 3 by Tanya Janca

Application Security Foundations: Level 3

Start learning application security immediately with level three!

The final course in this program will teach you all the policies, standards and guidelines you will need to support your AppSec program. We will also learn about more advanced AppSec activities, as well as incident response (and prevention). At the end we will update your AppSec Program goals so that you have complete action plan to secure ALL of your organization's software!
Product Description.PDF

Launches on December 11th, 2020


Online Course

10 Online Modules!
  1. Course Introduction
  2. Policy
  3. Standards and Guidelines
  4. Incident Response
  5. Case Study Incident Response
  6. Advanced Activities
  7. Case Study Program Goals
  8. Final Project
  9. Resources
  10. Conclusion
Plus sample policies and guidelines, incident report, post mortem report, 3 quizzes and a final project for the entire program.

Your Textbook

The textbook for this program is Alice and Bob Learn Application Security. You can have a physical or digital copy, let us know your preference when you've made your purchase. 

Credit towards Certification of Completion

When you have completed all three of the Application Security Foundations Program, you are eligible for a certificate of completion for the program!

Buy this course as part of a bundle!

Buy all three courses + Alice and Bob Learn Application Security for $999 to complete the AppSec Foundations Program AND a certificate of completion.
Take me to the bundles!

What's included?

File Icon 10 files Text Icon 82 text files

Contents will be updated until launch date

Course Introduction
Course Introduction
About Your Trainer
Your Textbook: Alice and Bob Learn Application Security
Summary from previous courses in this program
Definitions and FAQ
What do you mean by ‘Modern Technologies’? And how is securing them different?
Policies, Standards and Guidelines – What’s the difference?
What are the sample policies, standards and guidelines that you will provide in this course?
What’s a security incident?
What is incident response?
Why do I need to legitimize my AppSec program? What do you mean?
How do I secure modern apps? In one minute explain it to me.
Is the final project hard? (Spoiler: yes)
Is there a certification for this program? Yes.
I thought you covered advanced activities in level 1, but it’s in this course as well. What gives?
Your Goals From AppSec Foundations Level 1 and/or 2
Setting and Reaching Goals
Goal Assignment - Video
Goal Assignment - AppSec Foundations Level 3 - PDF File
573 KB
Securing Modern Technologies
Zero Trust/Assume Breach
Cloud Workflows
Online Storage
Containers & Orchestration
APIs and Microservice Architecture
Infrastructure as Code (IaC)
Security as Code (SaC)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Continuous Integration/ Continuous Delivery/ Continuous Deployment
Public Cloud
Securing Modern Technologies Assignment - Video explanation
Securing Modern Technologies Assignment - PDF File
What are policies?
What policies do we need for AppSec?
Policies We Want to Influence
Policies We Create
Application Security Program policy
Security Tool Usage Policy
Application Security Policy (Secure SDLC)
Security Testing Policy sample from SANS
Free Policy Samples from SANS
Policy Assignment
Standards and Guidelines
What are Standards and Guidelines?
Standards That WE (The AppSec Team) Create
Standards and Guidelines Assignment
Samples of Standards and Guidelines
Secure Coding Guideline - Video and Details
Secure Coding Guideline - Downloadable PDF
115 KB
Project Security Requirements - Video
Web App Security Requirements - PDF File
118 KB
SSRF Defenses and Mitigations - Video Explanation
SSRF Defenses and Mitigations - PDF File
491 KB
Error Handling and Logging - Video
Error Handling and Logging - PDF File
157 KB
Azure Hardening Best Practices - Video Explanation
Azure Hardening Best Practices - PDF File
102 KB
API Security Best Practices - Video Explanation
API Security Best Practices - PDF File
107 KB
Incident Response
What is Incident Response?
Create an Incident Response Process
Patch Management
3rd Party Components & Code
IR and Forensic Training
Threat Feeds
Virtual Patching
Backups and Rollbacks
Training for Other Teams
Incident Simulations
During an Incident - Process
Post Mortem
Incident Preparation Assignment
Incident Report
Postmortem Report
Advanced Activities
Secure Defaults / Paved Roads
Automated Everything
Self Service
Final Project
Refresher on Goals
The Final Project - Video Explanation
We Hack Purple Community
OWASP: Free for Open Source Application Security Tools
Thank you