The Complete Application Security Course
Training Overview
Description of Training
Section : Introduction to this course.
Welcome to Understanding Application Security! (1:53)
Section : Understanding Secure SDLC
Application Security Introduction (11:57)
Top 10s (9:34)
Application Security Terms and Definitions (3:33)
Application Security Goals (9:05)
Introduction to NIST (11:06)
Introduction to CSA (7:58)
Quiz 1: Introduction Quiz
Section : Defense in Depth
Defense in Depth (6:19)
Roles and Terms in Cybersecurity (10:50)
API Security (12:04)
Content Security Policy (CSP) (4:27)
Server Side Request Forgery - SSRF (7:30)
Vulnerability Management (18:21)
Quiz 2: Section Quiz
Section : Dive into the OWASP Top 10
Broken Access Control (4:38)
Broken Access Control - Demo (8:25)
Cryptographic Failures (9:35)
Injection (3:50)
Injection Demo (17:05)
Insecure Design (9:40)
Security Misconfiguration (2:39)
Vulnerable and Outdated Components (9:53)
Identification and Authentication Failures (7:21)
Identification Failures Demo (5:59)
Software and Data Integrity Failures (8:35)
Security Logging and Monitoring Failures (7:35)
Cross Site Scripting (XSS) (7:42)
XSS Demo (9:39)
Quiz 3: OWASP Top Ten Quiz
Section : Supply Chain Security
Introduction to Supply Chain Security (5:52)
Supply Chain Defenses (10:59)
Software Composition Analysis SCA (12:13)
Introducing SLSA (5:52)
Software Bill of Materials - SBOM (10:06)
Dependency-Track and CycloneDX (6:13)
Quiz 4: Supply Chain Security Quiz
Section : Cloud and Container Security
Introduction to Cloud (6:15)
Cloud Security Concepts (2:05)
AWS Security Pillar (5:15)
AWS Identity and Access Management (6:22)
AWS Detection Controls (4:13)
AWS Infrastructure (7:06)
AWS Data Protection (7:06)
AWS Incident Response (2:10)
AWS Application Security (2:17)
Container Security (4:31)
Azure and GCP (5:35)
Quiz 5: Cloud & Container Security Quiz
Section : Session Management
Introduction to session management (15:19)
Web sessions (5:25)
JWT (JSON Web Token) (6:32)
JWT Example (3:29)
JWE (JSON Web Encryption) (5:58)
OAuth (6:21)
OpenID & OpenID Connect (3:33)
Quiz 6: Session Management Quiz
Section : Risk Rating and Threat Modeling
Risk Rating Introduction (15:10)
Risk Rating Demo (7:59)
Security Controls (10:22)
Introduction to Threat Modeling (8:38)
Types of Threat Modeling (8:01)
Introduction to Manual Threat Modeling (7:43)
Prepping for Microsoft Threat Model Tool (3:36)
Microsoft Threat Model Tool demo (9:18)
OWASP Threat Dragon demo (6:26)
Quiz 7: Risk Rating and Threat Modeling Quiz
Section : More Advanced Threat Modeling
Additional Methods of Threat Modeling (3:21)
Using DREAD (4:37)
Using MITRE ATT&CK (8:38)
Other Advanced Threat Modeling Techniques (1:59)
Attack Trees (3:43)
Attack Tree Demo (2:57)
Continuous Threat Modeling (10:23)
Threagile Demo (14:05)
Threat Modeling the Cloud (3:30)
Quiz 8: Threat Modeling Quiz
Section : Encryption and Hashing
Encryption Overview (7:03)
Encryption Use Cases (9:23)
Hashing Overview (2:13)
Hashing Demo (3:53)
PKI (Public Key Infrastructure) (13:03)
Password Management (6:55)
Password Demo (3:30)
Quiz 9: Encryption and Hashing Quiz
Section : DevSecOps and Secure CICD
DevOps (13:38)
DevSecOps (5:13)
DevSecOps Design (1:48)
DevSecOps Code (3:03)
DevSecOps Analysis (5:57)
DevSecOps Build (6:55)
DevSecOps Operations (3:30)
Secure CICD (3:27)
Secure CICD Demo (8:26)
Quiz 10: DevSecOps and Secure CICD
Section : Security Scanning and Testing
SAST (Static Application Security Testing) (7:26)
CodeQL Demo (7:42)
DAST (Dynamic Application Security Testing) (5:16)
DAST Demo (5:55)
IAST (Interactive Application Security Testing) (2:01)
ASPM (Application Security Posture Management) (5:25)
ASPM Demo (7:10)
RASP (Runtime Application Self-Protection) (2:21)
WAF (Web Application Firewall) (6:34)
Penetration Testing (2:19)
Fuzz Testing (4:21)
Quiz 11: Scanning and Testing Tools Quiz
Section : Conclusion
Conclusion (4:49)
Audio Version of the Training
Audio Download
ASPM Demo