Application Security for Developers and DevOps Professionals

Offrez à votre carrière le cadeau de Coursera Plus avec $160 de réduction, facturé annuellement. Économisez aujourd’hui.

Application Security for Developers and DevOps Professionals

Name: Application Security for Developers and DevOps Professionals
Rating: 4.7272727272727275 (187 reviews)

Ce cours fait partie de plusieurs programmes.

Instructeur : John Rofrano

Enseignant de premier plan

16 680 déjà inscrits

Inclus avec Coursera Plus

4 modules

Obtenez un aperçu d'un sujet et apprenez les principes fondamentaux.

4.7

(187 avis)

niveau Intermédiaire

Expérience recommandée

Planning flexible

Env. 17 heures

Apprenez à votre propre rythme

97%

La plupart des apprenants ont aimé ce cours

4 modules

Obtenez un aperçu d'un sujet et apprenez les principes fondamentaux.

4.7

(187 avis)

niveau Intermédiaire

Expérience recommandée

Planning flexible

Env. 17 heures

Apprenez à votre propre rythme

97%

La plupart des apprenants ont aimé ce cours

Ce que vous apprendrez

Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.
Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.
Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.
Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.

Compétences que vous acquerrez

Catégorie : Open Web Application Security Project (OWASP)
Catégorie : Observability
Catégorie : security
Catégorie : Monitoring
Catégorie : logging

Détails à connaître

Certificat partageable

Ajouter à votre profil LinkedIn

Évaluations

14 devoirs

Enseigné en Anglais

Découvrez comment les employés des entreprises prestigieuses maîtrisent des compétences recherchées

En savoir plus sur Coursera pour les affaires

Élaborez votre expertise du sujet

Ce cours est disponible dans le cadre de

Lorsque vous vous inscrivez à ce cours, vous devez également sélectionner un programme spécifique.

Apprenez de nouveaux concepts auprès d'experts du secteur
Acquérez une compréhension de base d'un sujet ou d'un outil
Développez des compétences professionnelles avec des projets pratiques
Obtenez un certificat professionnel partageable auprès de IBM

Obtenez un certificat professionnel

Ajoutez cette qualification à votre profil LinkedIn ou à votre CV

Partagez-le sur les réseaux sociaux et dans votre évaluation de performance

Il y a 4 modules dans ce cours

How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.

You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections. Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems. Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.

In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.

Inclus

11 vidéos4 lectures4 devoirs2 éléments d'application2 plugins

11 vidéosTotal 59 minutes

Course Introduction   4 minutesPrévisualiser le module
Security by Design5 minutes
What is DevSecOps? 5 minutes
The OSI Model6 minutes
Securing Layers for Application Development6 minutes
Security Patterns7 minutes
TLS/SSL5 minutes
What is OpenSSL?4 minutes
Vulnerability Scanning and Threat Modeling  4 minutes
Threat Monitoring  3 minutes
Security Concepts and Terminology4 minutes

4 lecturesTotal 27 minutes

Summary & Highlights - Introduction to DevSecOps2 minutes
Summary and Highlights - Understanding the Role of Network Security3 minutes
Getting Started with Network and Port Scanning with Nmap20 minutes
Summary and Highlights - Inspecting Security in Application Development  2 minutes

4 devoirsTotal 60 minutes

Graded Quiz: Introduction to Security for Application Development30 minutes
Introduction to DevSecOps10 minutes
Understanding the Role of Network Security10 minutes
Inspecting Security in Application Development10 minutes

2 éléments d'applicationTotal 35 minutes

Hands on Lab: Using OpenSSL to Encrypt and Decrypt Files15 minutes
Hands on Lab: Scanning a Network Environment with Nmap20 minutes

2 pluginsTotal 20 minutes

Cheat Sheet: Introduction to Security for Application Development5 minutes
Module 1 Glossary: Introduction to Security for Application Development15 minutes

In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.

Inclus

9 vidéos2 lectures3 devoirs4 éléments d'application3 plugins

9 vidéosTotal 39 minutes

Introduction to Security Testing and Mitigation Strategies  4 minutesPrévisualiser le module
Static Analysis  3 minutes
Dynamic Analysis 3 minutes
Code Review 3 minutes
Vulnerability Analysis4 minutes
Demo Video: Evaluating Vulnerability Analysis5 minutes
Runtime Protection 4 minutes
Software Component Analysis5 minutes
Continuous Security Analysis3 minutes

2 lecturesTotal 4 minutes

Summary & Highlights - Introduction to Security Testing and Mitigation Strategies2 minutes
Summary & Highlights - Implementing Key Analysis in Applications2 minutes

3 devoirsTotal 50 minutes

Graded Quiz: Security Testing and Mitigation Strategies 30 minutes
Introduction to Security Testing and Mitigation Strategies 10 minutes
Implementing Key Analysis in Applications 10 minutes

4 éléments d'applicationTotal 105 minutes

Hands-on Lab: Using Static Analysis 30 minutes
Hands-on Lab: Using Dynamic Analysis 30 minutes
Hands-on Lab: Evaluating Vulnerability Analysis 20 minutes
Hands-on Lab: Evaluate Software Component Analysis25 minutes

3 pluginsTotal 35 minutes

Reading: Evaluate Software component analysis10 minutes
Cheat Sheet: Security Testing and Mitigation Strategies10 minutes
Module 2 Glossary: Security Testing and Mitigation Strategies15 minutes

In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.

Inclus

10 vidéos3 lectures3 devoirs3 éléments d'application4 plugins

10 vidéosTotal 66 minutes

Intro to OWASP (Top 10) Sec Vulnerabilities 4 minutesPrévisualiser le module
OWASP Top 1-37 minutes
OWASP Top 4-67 minutes
OWASP Top 7-109 minutes
Demo Video: Snyk (SAST) Free Tool4 minutes
SQL Injections  4 minutes
Other Types of SQL Injection Attacks8 minutes
Demo Video: Example of an SQL Injection7 minutes
Cross Site Scripting4 minutes
Storing Secrets Securely7 minutes

3 lecturesTotal 24 minutes

Discover Code Vulnerabilities with Snyk (SAST) Free Tool20 minutes
Summary & Highlights - Introducing OWASP Top 10 2 minutes
Summary & Highlights - Diving Deeper into OWASP2 minutes

3 devoirsTotal 48 minutes

Graded Quiz: OWASP Application Security Risks30 minutes
Practice Quiz: Introducing OWASP Top 108 minutes
Diving Deeper into OWASP10 minutes

3 éléments d'applicationTotal 80 minutes

Hands-on Lab: Understanding SQL Injections20 minutes
Hands-on Lab: Cross Site Scripting25 minutes
Hands-on Lab: Storing Secrets Securely35 minutes

4 pluginsTotal 65 minutes

Hands on Lab: Discover Code Vulnerabilities with Snyk (SAST) Free Tool30 minutes
Reading: Cross Site Scripting10 minutes
Cheat Sheet: OWASP Application Security Risks10 minutes
Module 3 Glossary: OWASP Application Security Risks15 minutes

In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.

Inclus

3 vidéos3 lectures4 devoirs2 éléments d'application6 plugins

3 vidéosTotal 20 minutes

Code Practices 5 minutesPrévisualiser le module
Dependencies  6 minutes
Secure Development Environment8 minutes

3 lecturesTotal 8 minutes

Summary & Highlights - Code Development Practices2 minutes
Congratulations and Next Steps3 minutes
Thanks from the Course Team3 minutes

4 devoirsTotal 130 minutes

Graded Quiz: Security Best Practices 30 minutes
Graded Quiz: Final Project30 minutes
Final Assessment 60 minutes
Code Development Practices10 minutes

2 éléments d'applicationTotal 40 minutes

Hands-on Lab: Code Practices 20 minutes
Hands-on Lab: Secure Development Environment 20 minutes

6 pluginsTotal 123 minutes

Reading: CodeQL Analysis6 minutes
Cheat Sheet: Security Best Practices15 minutes
Module 4 Glossary: Security Best Practices15 minutes
Practice Lab: Security Vulnerability Scan and Fix30 minutes
Final Lab: Scan and Fix Vulnerabilities30 minutes
Glossary: Application Security for Developers and DevOps Professionals27 minutes

Instructeur

Évaluations de l’enseignant

4.8 (44 évaluations)

Enseignant de premier plan

John Rofrano

IBM

7 Cours219 155 apprenants

Offert par

IBM

Recommandé si vous êtes intéressé(e) par Software Development

Packt
Security and Risk Management
Cours
Packt
Web Hacker's Toolbox - Tools Used by Successful Hackers
Cours
University of California, Davis
Exploiting and Securing Vulnerabilities in Java Applications
Cours
LearnKartS
Salesforce Fundamentals and Setup
Cours

Pour quelles raisons les étudiants sur Coursera nous choisissent-ils pour leur carrière ?

Felipe M.

Étudiant(e) depuis 2018

’Pouvoir suivre des cours à mon rythme à été une expérience extraordinaire. Je peux apprendre chaque fois que mon emploi du temps me le permet et en fonction de mon humeur.’

Jennifer J.

Étudiant(e) depuis 2020

’J'ai directement appliqué les concepts et les compétences que j'ai appris de mes cours à un nouveau projet passionnant au travail.’

Larry W.

Étudiant(e) depuis 2021

’Lorsque j'ai besoin de cours sur des sujets que mon université ne propose pas, Coursera est l'un des meilleurs endroits où se rendre.’

Chaitanya A.

’Apprendre, ce n'est pas seulement s'améliorer dans son travail : c'est bien plus que cela. Coursera me permet d'apprendre sans limites.’

Avis des étudiants

Affichage de 3 sur 187

4.7

187 avis

5 stars
80 %
4 stars
16,31 %
3 stars
2,10 %
2 stars
0 %
1 star
1,57 %

Révisé le 27 oct. 2022

Révisé le 13 mars 2024

Révisé le 30 mai 2024

Voir plus d’avis

Ouvrez de nouvelles portes avec Coursera Plus

Accès illimité à plus de 7 000 cours de renommée internationale, à des projets pratiques et à des programmes de certificats reconnus sur le marché du travail, tous inclus dans votre abonnement

Faites progresser votre carrière avec un diplôme en ligne

Obtenez un diplôme auprès d’universités de renommée mondiale - 100 % en ligne

Découvrir les diplômes

Rejoignez plus de 3 400 entreprises mondiales qui ont choisi Coursera pour les affaires

Améliorez les compétences de vos employés pour exceller dans l’économie numérique

Foire Aux Questions

No. This is an introductory course that assumes no prior knowledge of DevOps.

You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.

Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:

The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.