Application Security Foundations Level 1

Learn about application security from the very beginning! In this course we will learn about building a basic AppSec program, tooling and activities you can perform to ensure your organization's software is secure.

Enroll for free

Course curriculum

1. Welcome to Semgrep Academy!
2. Course Introduction
3. Course Prerequisites
4. History Lesson
5. Industry Definitions
1. Goals vs Activities
2. Goal: Inventory
3. Goal: Finding Vulnerabilities
4. Goal: The Knowledge to Fix What You Have Found
5. Goal: Effective Tooling
6. Goal: Education and Reference Materials
7. Goal: Giving Developers Security Tools
8. Goal: Security Activities during the SDLC
9. Goal: Incident Response
10. Goal: Continuous Improvement
11. Example: Program Goals 1
12. Example 2: Program Goals
13. Example 3: Program Goals
14. Assignment Instructions: Setting Your Goals
15. Assignment #1: Setting Goals for your AppSec Program
16. Quiz: Application Security Goals
1. What are the different AppSec activities?
2. VA Scans and Security Assessments
3. Threat Modelling
4. Secure Code Review and Static Analysis
5. Software Composition Analysis (SCA) and Supply Chain Security
6. Penetration Testing (PenTesting)
7. Quiz: AppSec Activities - The Basics
1. Developer Education and Advocacy Programs
2. Responsible Disclosure and Bug Bounty
3. Helpful Policies, Guidelines and Standards
4. Giving Developers Security Tools
5. Secure Coding Library and Templates
6. Security Reference Materials
7. The Partnership Model
8. Metrics and Measurement
9. Security Regression Testing with unit tests
10. Capture The Flag and Other Forms of Gamification
11. Reviewing New Tech
12. Adding Security-Related IDE Plugins
13. Adding a shield in front of your app (WAF/RASP/CDN)
14. Quiz: AppSec Activities - Intermediate
1. Adding Security Tooling to a Pipeline
2. Asynchronous Pipeline
3. Chaos Engineering and Red Teaming
4. Security Sprints
5. Asking directly for feedback from Dev & Ops
6. Quiz: AppSec Activities - DevOps Flavoured
1. Team-Specific, Customized Security Training
2. Creating Custom Tools
3. Targeting an Entire Bug Class
4. Table Top Exercises
5. Interactive Assignment - AppSec Activities
6. Assignment 2: AppSec Activities
7. Quiz: Advanced AppSec Activities
1. Assignment 3: Interactive Tooling
2. Assignment 3: Interactive Tooling
3. Introduction to AppSec Tooling
4. Static Analysis / Static Application Security Testing (SAST)
5. Software Composition Analysis (SCA) and Supply Chain Tools
6. VA scanners - Verifying your VMs and Containers
7. Package Management Proxies
8. Quiz: AppSec Tooling - The Basics
1. API Tools that Speak Directly to the API
2. Web Application Firewall (WAF)
3. ASOC, ASPM and Vulnerability Management
4. Secret Management
5. IDE Tools and Hooks
6. Pipeline Tooling
7. Unit Test Creativity
8. Repository Scanning
9. Integrating Your Bug Tracker
10. Secret Scanning
11. Quiz: AppSec Tooling - Intermediate
1. Interactive Application Security Testing (IAST)
2. Runtime Application Security Protection (RASP)
3. Service Mesh
4. API Gateway
5. Application and Web Asset Inventory
6. SIEM + App integration
7. Quiz: AppSec Tooling - Modern Twist
1. Integrated Bug Tracker
2. Cloud Native
3. Application Control Tooling
4. File Integrity Monitoring (FIM)
5. Assignment #3: Tooling - The Instructions
6. Assignment 3: Interactive Tooling
7. Quiz: AppSec Adjacent Tooling
1. Updating Your Goals - What to do
2. Assignment #4: Updating Your Goals
1. Course Summary
2. Resources to learn even more!
3. Conclusion
4. Course Survey
5. Thank you for choosing Semgrep Academy!

About this course

Free
95 lessons
5 hours of video content

Build your AppSec program, starting today

Enroll today

Additional Course You May Like

View more courses

Course Reviews

Check out what other students have to say!

Content Clarity

Priscilla Azilafu

The course topic on what AppSec is was really explained and now I no that DevSecOps is weaing security into Dev and Ops. DevSecOps engineers don't do DevOps ...

The course topic on what AppSec is was really explained and now I no that DevSecOps is weaing security into Dev and Ops. DevSecOps engineers don't do DevOps work but work with the DevOps team to ensure security in their usual processes. This is phenomenal. Thanks for the clarity.

Read Less

Great Course !

Surendra Pal

Recommended for someone who wants to learn Application Security.

Read Less

course review

Kyle Bearden

very practical and helpful for real world activities. Good ideas

Read Less

AppSec Foundations Level 1 training

Lewis M.K.

Very informative and rich with info. that's recommended for everyone, especially CISOs, Security Teams, and anyone wanting to get into Cyber Security.

Read Less