How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.
Application Security for Developers and DevOps Professionals
This course is part of multiple programs.
Instructor: John Rofrano
Top Instructor
17,640 already enrolled
Included with
(192 reviews)
Recommended experience
What you'll learn
Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.
Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.
Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.
Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.
Skills you'll gain
Details to know
Add to your LinkedIn profile
14 assignments
See how employees at top companies are mastering in-demand skills
Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate from IBM
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 4 modules in this course
In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.
What's included
11 videos4 readings4 assignments2 app items2 plugins
In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.
What's included
9 videos2 readings3 assignments4 app items3 plugins
In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.
What's included
10 videos3 readings3 assignments3 app items4 plugins
In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.
What's included
3 videos3 readings4 assignments2 app items6 plugins
Instructor
Offered by
Recommended if you're interested in Software Development
Why people choose Coursera for their career
Learner reviews
192 reviews
- 5 stars
80.41%
- 4 stars
15.97%
- 3 stars
2.06%
- 2 stars
0%
- 1 star
1.54%
Showing 3 of 192
Reviewed on Oct 27, 2022
A good overview of the most popular tools and techniques. The practical labs are quite basic, but that's understandable since the course is aimed at beginners.
Reviewed on Mar 13, 2024
I directly applied the concepts and skills I learned from my courses to an exciting new project at work
Reviewed on May 30, 2024
This one did a much better job explaining more of the little details for people who are truly noobs coming from a non-programming world.
New to Software Development? Start here.
Open new doors with Coursera Plus
Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
No. This is an introductory course that assumes no prior knowledge of DevOps.
You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.