In this module, we will delve into the OWASP Top 10 and additional security concerns. You'll learn about the most critical web application security risks, the SANS Top 25 software errors, and the various threat actors involved. We will also cover defense-in-depth strategies, introduce proxy tools for testing, demonstrate Fiddler with JuiceShop, and discuss the principles of API security.

In this module, we will explore each of the OWASP Top 10 security risks in depth. You'll gain an understanding of broken access control, cryptographic failures, injection, and insecure design. We will also cover security misconfigurations, the risks of vulnerable components, identification and authentication failures, software and data integrity issues, security logging and monitoring failures, and server-side request forgery.

In this module, we will focus on defensive strategies and tools to enhance application security. You will learn how to install and configure OWASP ZAP, run security scans, and understand cross-site scripting. We'll cover implementing Content Security Policy, various security models, and using software composition analysis. Additionally, you'll explore the Security Knowledge Framework (SKF) through explanations and demos, and learn the essentials of performing secure code reviews.

In this module, we will cover the essential aspects of session management. You'll learn about best practices in session management, the workings of web sessions, and the role of JSON Web Tokens. We'll provide a detailed example of JWT, explain the OAuth protocol, and discuss OpenID and OpenID Connect, highlighting their importance in secure authentication and authorization processes.

In this module, we will explore risk rating and threat modeling methodologies. You'll gain an understanding of the importance of risk rating and learn how to perform it effectively. We'll introduce you to threat modeling, covering different types and techniques, including manual threat modeling. Additionally, we will prepare you for and demonstrate the use of the Microsoft Threat Model tool, providing a comprehensive approach to identifying and mitigating security threats.

In this module, we will delve into the core concepts of encryption and hashing. You'll learn about the importance and applications of encryption, explore different use cases, and gain an understanding of hashing principles. We'll also cover the Public Key Infrastructure (PKI) and its role in security, along with best practices for secure password management. Practical demonstrations will enhance your understanding of hashing and password management techniques.

In this module, we will explore essential frameworks and processes critical to application security. You'll learn about the regulatory requirements of HIPAA and PCI DSS, understand the roles and methodologies of DevOps, and be introduced to DevSecOps for integrating security into the development process. Additionally, we will examine various use, abuse, and misuse cases to understand potential threats and their mitigation strategies.

In this module, we will cover various security scanning and testing methodologies to ensure robust application security. You will learn about SAST and see a demonstration using Spot Bugs, understand the applications of DAST and IAST, and explore the benefits of RASP. We will also introduce Web Application Firewalls (WAF), explain the critical role of penetration testing, and discuss the importance of Software Composition Analysis (SCA) for securing open-source software components.

In this module, we will review the important concepts learned throughout the course. You'll get a recap of key application security practices and principles, reinforcing the importance of implementing these strategies in your work. This module will also encourage you to continue learning and staying updated on the latest in application security to ensure robust and effective protection for your applications.