Application Security Foundations Level 3

This course will teach you the policies, standards and guidelines you will need to support your Application Security program. We will also learn about more advanced AppSec activities, such as incident response, securing modern technologies, and more!

Enroll for free

Video

Course curriculum

1. Course introduction
2. About your trainer
3. Prerequisites
4. Summary from previous courses in this program
1. What do you mean by ‘Modern Technologies’ And how is securing them different?
2. Why do I need to legitimize my AppSec program? What do you mean?
3. I thought you covered advanced activities in level 1, but it’s in this course as well. What gives?
4. Is the final project hard? (Spoiler: it is.)
5. How do I secure modern apps? In one minute explain it to me.
6. Policies, standards and guidelines – what’s the difference?
7. What is scaling?
8. What’s a security incident?
1. Setting and Reaching Goals
2. Goal Assignment - Video and Files
1. Zero trust and assume breach
2. Serverless
3. Online storage
4. Containers and orchestration
5. APIs and Microservices Architecture APIs
6. Infrastructure as a Service (IaaS)
7. Infrastructure as Code (IaC)
8. Security as Code (SaC)
9. Platform as a Service (PaaS)
10. Public Cloud
11. Modern Tech Assignment
12. Securing Modern Technologies: Quiz
1. What are policies?
2. What policies do we need for AppSec?
3. Policies we create, and policies we want to influence
4. Application Security Program Policy (Secure SDLC)
5. Security Tool Usage Policy
6. Security Testing Policy sample from SANS
7. Policy Assignment
1. What are standards and guidelines?
2. Standards that WE (the AppSec Team) create
3. Standards and Guidelines Assignment
4. Standards and Guidelines Quiz
1. Secure Coding Guidelines - Video and Details
2. Project Security Requirements
3. SSRF Defences and Mitigations
4. Error Handling and Logging.mp4
5. API Security Best Practices
6. PDF Samples of Standards, Guidelines, and Policies
1. What is incident response?
2. Create an Incident Response Process
3. Inventory
4. Third Party Components and Code
5. IR and Forensic Training
6. Scanning
7. Threat Feeds
8. Virtual Patching
9. Backups and Rollbacks
10. Tooling
11. Access
12. Patch Management
13. Training for Other Teams
14. Incident Simulations / Tabletop Exercises
15. Logs
16. Disaster Recovery and Business Continuity Planning
17. During an Incident (The Process)
18. Post Mortem
19. Incident Preparation Assignment - Video Explanation and Files
1. DevSecOps
2. Automate Everything
3. Self-Service
4. Secure Defaults
5. Advanced Activities Assignment
1. Refresher On Goals
2. The Final Project
1. OWASP: An Open AppSec Community
2. Semgrep Newsletter
3. Semgrep AppSec Platform
1. Summary
2. Conclusion
3. Thank you for attending Semgrep Academy!
4. Course Survey

About this course

Free
76 lessons
5 hours of video content

Improve your AppSec Program

Build BETTER Software

Enroll today

Application Security Foundations Level 3

Video

Course curriculum

Course Introduction

Definitions and FAQ

Your Goals From AppSec Foundations Level 1 and/or 2

Securing Modern Technologies

Policy

Standards and Guidelines

Samples of Standards and Guidelines

Incident Response

Advanced Activities

Final Project

Resources

Conclusion

About this course

Improve your AppSec Program