Application Security - A complete guide
video

by Derek Fisher
April 2023
11h 3m
English
Manning Publications
Closed Captioning available in German, English, Spanish, French, Italian, Japanese

Overview

Every company uses software to function. From Fortune 500 technology companies to sole-proprietor landscaping firms, software is integral to businesses large and small. The right software, properly secured, can help organizations to move quickly and stay ahead of their competition.

Business software provides a means to track employees, customers, inventory, and scheduling. Data moves from a myriad of systems, networks, and software applications, providing insights to businesses looking to stay competitive. Depending on the needs and resources of a company, it may develop and build its own software, or it may purchase ready-made software and integrate it into the business operations. What this means is that every organization, regardless of size and industry, has a software need.

That is why there is an urgent need for people to develop and implement secure software. That’s where this course comes in: it is designed to help you become one of those crucial people.

This course will familiarize you with the common vulnerabilities that plague developed code, as outlined by the publications that set the industry standards, such as the OWASP Top 10 list of critical risks and the SANS Top 25 list of most dangerous flaws in software. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them. You will also learn to review and operate developer analysis tools to discover vulnerabilities, allowing you to correct them early in the development life cycle. Finally, you will understand how application security fits in an overall cyber security program.


Distributed by Manning Publications

This course was created independently by Derek Fisher and is distributed by Manning through our exclusive liveVideo platform.



About the Technology


About the Video


What's Inside
  • How to become an application security champion.
  • What is the OWASP Top 10 and how to defend against those vulnerabilities.
  • How to use threat modeling to identify threats and mitigation in development features.
  • How to perform a threat model on an application.
  • How to perform a vulnerability scan of an application.
  • Rating security vulnerabilities using standard and open processes.
  • How to correct common security vulnerabilities in code.
  • How application security fits in an overall cyber security program.
  • Building security into the software development life cycle.


About the Reader
  • Basic programming knowledge
  • Understanding of IT systems and how software is deployed in operational environments


About the Author

Derek Fisher has been working in application security for over a decade, and has seen numerous security successes and failures firsthand. He has several decades of experience designing systems in both hardware and software, and holds a graduate degree in cybersecurity from Boston University. He continues to work as a leader, university instructor, and conference speaker in the security space where he provides his insight to professionals in multiple fields and disciplines.



Quotes
Publisher Resources

ISBN: 10000DIVC202320