The Complete Application Security Course
Training Overview
Description of Training
Section 1: Introduction to this course.
Welcome to Understanding Application Security! (1:53)
Section 2: Welcome!
Application Security Introduction (8:07)
Application Security Terms and Definitions (6:46)
Application Security Goals (9:42)
OWASP WebGoat Demo (10:29)
Introduction Quiz
Section 3: Introduction to OWASP Top 10 and more terms
Introduction to OWASP Top 10 (9:17)
SANS Top 25 (5:06)
Threat actors and more definitions (11:04)
Defense in Depth (4:28)
Proxy Tools (2:28)
Demo of Fiddler with JuiceShop (4:55)
API Security (8:49)
Section 4: Dive into the OWASP Top 10
Broken Access Control (5:19)
Cryptographic Failures (7:17)
Injection (8:57)
Insecure Design (6:27)
Security Misconfiguration (4:27)
Vulnerable and Outdated Components (7:24)
Identification and Authentication Failures (3:52)
Software and Data Integrity Failures (3:35)
Security Logging and Monitoring Failures (5:42)
Server-Side Request Forgery (3:03)
Section 5: Defenses and Tools
OWASP ZAP (Zed Attack Proxy) (2:26)
Running a ZAP scan (7:40)
Cross Site Scripting (2:47)
CSP (Content Security Policy) (5:07)
CSP Demo (4:11)
Security Models (5:02)
SKF (Security Knowledge Framework) (3:14)
SKF Demo (10:03)
SKF Labs Demo (5:59)
Source Code Review (6:44)
Section 6: Session Management
Web sessions (6:25)
Introduction to session management (6:28)
JWT (JSON Web Token) (5:38)
JWT Example (3:29)
OAuth (5:26)
OpenID & OpenID Connect (5:06)
Section 7: Risk Rating and Threat Modeling
Risk Rating Introduction (9:38)
Risk Rating Demo (14:57)
Introduction to Threat Modeling (9:34)
Type of Threat Modeling (5:00)
Introduction to Manual Threat Modeling (3:49)
Manual Threat Model demo (4:33)
Prepping for Microsoft Threat Model Tool (4:30)
Microsoft Threat Model Tool demo (9:18)
Section 8: Encryption and Hashing
Encryption Overview (3:54)
Encryption Use Cases (10:53)
Hashing Overview (5:44)
Hashing Demo (3:53)
PKI (Public Key Infrastructure) (4:10)
Password Management (5:16)
Password Demo (3:11)
Section 9: Frameworks and Process
PCI DSS (Payment Card Industry Data Security Standard) (2:47)
HIPAA (Health Insurance Portability and Accountability Act) (7:42)
DevOps (3:58)
DevSecOps (5:31)
Use, Abuse, and Misuse cases (2:59)
Section 10: Security Scanning and Testing
SAST (Static Application Security Testing) (5:29)
Spot Bugs Demo (5:57)
DAST (Dynamic Application Security Testing) (1:53)
IAST (Interactive Application Security Testing) (1:48)
RASP (Runtime Application Self-Protection) (2:01)
WAF (Web Application Firewall) (3:28)
Penetration Testing (2:09)
SCA (Software Composition Analysis) (5:31)
Section 11: Conclusion
Conclusion (4:49)