Security isn’t just about tools and vulnerabilities. Security is a very human field, born from the idea that everything has value and some people will go to great lengths to acquire that value for themselves.

In this course we will examine some of the key concepts that underpin security and why they matter when it comes to protecting our systems and applications.

This course will cover many DevOps processes and technologies and how to manage security risks. We will also demonstrate how to achieve higher levels of security by embracing agility in software development and how to bridge the gap between DevOps and security. It will address how to secure your cloud environment, regardless of your cloud service provider. The final modules will focus on developing your incident response process for agile environments and also on how to establish a secure DevSecOps program.

This course covers the why, what, and how of mobile application security. We’ll highlight how security must be considered by the entire development team, from decision-makers and managers to developers. You’ll gain a solid foundation to assist you in improving the security posture of your mobile applications and complying with relevant security requirements.

In this course, we will step through the development lifecycle and highlight the key decisions we are making that have a security impact. We will focus on turning our security decisions from implicit to informed, and equip ourselves with the information needed to get this work done. This course is interactive and is designed to be re-used for each low-code or no-code project you have. That way you only have to go through the learning that you need so you can get your solution built – quickly and securely.

This course will give you the skills you need to carry out threat assessments throughout your software’s life.

From design and inception through to reviewing legacy systems, this repeatable and structured approach raises our focus from the lines of code we write to the ecosystems and processes we build.

You’ll learn how to understand your systems and their environment, assess your system using a threat assessment methodology, and prioritize your risks and apply defensive controls.

Microservices are growing in popularity and use. If done well, they can enable organizations to build and maintain their systems in ways that allow them to scale bigger, deploy faster, and be more resilient than their monolithic counterparts.

This also means securing them is slightly different, requiring us to focus more on specific areas like authentication, authorization, alerting, and resource hardening.

In this course, we’ll introduce new concepts and principles that relate to microservices — specifically focusing on where security is involved and how it can add value. We’ll also share the patterns you can use and different ways you can apply security to your architecture designing flows.

Software security vulnerabilities are big business for potential attackers. Identifying them early and knowing what common pitfalls to avoid can make a big difference to the resilience of your applications.

This course will help you to understand, identify, and avoid common software security vulnerabilities in your code.

In this course, we will introduce different ways to apply security concepts and controls to how you build and manage your APIs. We will also take you through common security vulnerability classes that affect APIs and how to identify and avoid them.

While application security is always evolving, right now we’re going through a large paradigm shift that will define the next generation of secure software development and architecture.

We’re moving away from centrally managed applications and trusted zones towards a cloud-centric technology environment and we need to approach security differently.

Zero Trust is a principled approach that can help application development teams decide on the right security architecture for their solutions and organizations. Zero Trust approaches are being mandated by governments and clients across the globe.

Security testing is a type of software testing that allows you to uncover potential vulnerabilities or weaknesses. These weaknesses lead to security risks — which could impact the system, data, or users.

Just like how software testing is performed to check that the software is working as expected; security testing is performed to tell if the software can be misused or exploited to make it do something it shouldn’t — such as give you more data or access than you should have, or make the systems unreliable or unavailable.

In this course, we’re going to learn a bit more about what security testing is, and specifically how we can integrate it into every aspect of our software development life cycle.

The Security Built-in Developer’s Playbook course is a playbook-styled series of modules to help learners do their jobs with security built-in.

The Product Manager’s Playbook course is a playbook-styled series of modules to help learners do their jobs with security built-in.

As a Business Analyst, figuring out where to start with uncovering security requirements can be a challenge. In this course, we equip you with key concepts and questions for you to ask, as part of your requirements elicitation workflow.

This course will help bootstrap some key ideas you can take into your requirements discovery, elicitation, and planning discussions. These will help you better navigate these conversations, and support you in uncovering the security requirements.

You will also have the details necessary for writing user stories for the backlog, and any subsequent prioritization activities your team takes.