Welcome to Semgrep Academy!
Course Introduction
Course Prerequisites
History Lesson
Industry Definitions
Goals vs Activities
Goal: Inventory
Goal: Finding Vulnerabilities
Goal: The Knowledge to Fix What You Have Found
Goal: Effective Tooling
Goal: Education and Reference Materials
Goal: Giving Developers Security Tools
Goal: Security Activities during the SDLC
Goal: Incident Response
Goal: Continuous Improvement
Example: Program Goals 1
Example 2: Program Goals
Example 3: Program Goals
Assignment Instructions: Setting Your Goals
Assignment #1: Setting Goals for your AppSec Program
Quiz: Application Security Goals
What are the different AppSec activities?
VA Scans and Security Assessments
Threat Modelling
Secure Code Review and Static Analysis
Software Composition Analysis (SCA) and Supply Chain Security
Penetration Testing (PenTesting)
Quiz: AppSec Activities - The Basics
Developer Education and Advocacy Programs
Responsible Disclosure and Bug Bounty
Helpful Policies, Guidelines and Standards
Giving Developers Security Tools
Secure Coding Library and Templates
Security Reference Materials
The Partnership Model
Metrics and Measurement
Security Regression Testing with unit tests
Capture The Flag and Other Forms of Gamification
Reviewing New Tech
Adding Security-Related IDE Plugins
Adding a shield in front of your app (WAF/RASP/CDN)
Quiz: AppSec Activities - Intermediate
Adding Security Tooling to a Pipeline
Asynchronous Pipeline
Chaos Engineering and Red Teaming
Security Sprints
Asking directly for feedback from Dev & Ops
Quiz: AppSec Activities - DevOps Flavoured
Team-Specific, Customized Security Training
Creating Custom Tools
Targeting an Entire Bug Class
Table Top Exercises
Interactive Assignment - AppSec Activities
Assignment 2: AppSec Activities
Quiz: Advanced AppSec Activities
