Build An Application Security Program.

Many workplaces don’t have formal programs to secure applications and software. With no framework or structure to follow, many preventable mistakes happen! The goal of Level 1 is to create a basic security plan for you to bring back to work. We start with your goals and fill in the blanks as we go and explore activities and tools. Level One has 4 hours of video along with assignments and quizzes.

This course is great for...

  • Anyone who is a beginner and wants to get into AppSec

  • Software developers to learn more security concepts and create more secure software

  • People in IT Security to gain different perspectives and enable developers

Meet your qualified instructor, Tanya

How can we describe Tanya in just a few words?

Tanya is passionate, driven and a force of nature. These characteristics have led her to become a leader in everything AppSec. While the list of her accomplishments is extensive, what Tanya is most proud of is how she continues to value diversity, inclusion and kindness through her success.  

Tanya now shares her decades of IT experience through educating others. She has compiled all her learnings from her career into a best-selling book and We Hack Purple’s valuable courses. 

Course curriculum

  • 1
  • 2

    Application Security Goals

    • Goals vs Activities

    • Goal: Inventory

    • Goal: Finding Vulnerabilities

    • Goal: The Knowledge to Fix What You Have Found

    • Goal: Effective Tooling

    • Goal: Education and Reference Materials

    • Goal: Giving Developers Security Tools

    • Goal: Security Activities during the SDLC

    • Goal: Incident Response

    • Goal: Continuous Improvement

    • Example Program Goals 1

    • Example Program Goals 2

    • Example Program Goals 3

    • Setting Your Goals

    • Setting Goals

    • Application Security Goals: Quiz

  • 3

    AppSec Activities - The Basics

    • Interactive Exercise! Assignment #2.

    • Interactive AppSec Activities Assignment

    • What are the different AppSec activities?

    • VA Scans and Security Assessments

    • Threat Modelling

    • Secure Code Review and SAST

    • Software Composition Analysis (SCA)

    • Penetration Testing

    • AppSec Activities - The Basics: Quiz

  • 4

    AppSec Activities - Intermediate

    • Developer Education and Advocacy Programs

    • Responsible Disclosure & Bug Bounty

    • Helpful Policies, Guidelines and Standards

    • Giving Developers Security Tools

    • Secure Coding Library/Templates

    • Security Reference Materials

    • ‘The Partnership Model’

    • Metrics and Measurement

    • Security Regression Testing (with unit tests)

    • Capture The Flag and Other Forms of Gamification

    • Reviewing New Tech

    • Adding Security-Related IDE Plugins

    • Adding a shield in front of your app (WAF/RASP)

    • AppSec Activities - Intermediate: Quiz

  • 5

    AppSec Activities - DevOps Flavoured

    • Adding Security Tooling to a Pipeline

    • Asynchronous Pipeline

    • Chaos Engineering and Red Teaming

    • Security Sprints

    • Asking directly for feedback from Dev & Ops

    • AppSec Activities - DevOps Flavoured: Quiz

  • 6

    AppSec Activities - Advanced

    • Team-Specific Customized Security Training

    • Creating Custom Tools

    • Bug Bounties

    • Red Teaming

    • Targeting an Entire Bug Class

    • Table Top Exercises

    • Did you complete the interactive assignment?

    • Interactive AppSec Activities Assignment

    • AppSec Activities - Advanced: Quiz

  • 7

    AppSec Tooling - The Basics

    • Interactive Tooling Assignment

    • Interactive AppSec Tooling Assignment

    • Introduction to AppSec Tooling

    • Dynamic Application Security Testing (DAST)

    • Static Application Security Testing (SAST)

    • Software Composition Analysis Tools

    • VM & Container VA scanners

    • Package Management Proxies

    • AppSec Tooling - The Basics: Quiz

    • DAST Scanners - We Hack Purple Cheat Sheet

    • SAST Scanners - We Hack Purple Cheat Sheet

    • SCA - We Hack Purple Cheat Sheet

    • VA Scanners - We Hack Purple Cheat Sheet

    • Package Management Proxies - We Hack Purple Cheat Sheet

  • 8

    AppSec Tooling - Intermediate

    • API Tools that Speak Directly to the API

    • Web Application Firewall (WAF)

    • Vulnerability Management

    • Secret Management

    • IDE Tools and Hooks

    • Pipeline Tooling

    • Unit Test Creativity

    • Repository Scanning

    • Integrated Bug Tracker

    • AppSec Tooling - Intermediate: Quiz

    • API Security Tooling - We Hack Purple Cheat Sheet

    • IDE Security Tooling - We Hack Purple Cheat Sheet

    • Secret Management Tools - We Hack Purple Cheat Sheet

    • Secret Scanners - We Hack Purple Cheat Sheet

    • Vulnerability Management Tools - We Hack Purple Cheat Sheet

    • WAF - We Hack Purple Cheat Sheet

  • 9

    AppSec Tooling - Modern Twist

    • Interactive Application Security Testing (IAST)

    • Runtime Application Security Protection (RASP)

    • Service Mesh

    • API Gateway

    • Application and Web Asset Inventory

    • SIEM + App integration

    • AppSec Tooling - Modern Twist: Quiz

    • RASP - We Hack Purple Cheat Sheet

    • IAST - We Hack Purple Cheat Sheet

    • API Gateways - We Hack Purple Cheat Sheet

    • Service Mesh - We Hack Purple Cheat Sheet

    • Application Inventory and SBOM Tooling - We Hack Purple Cheat Sheet

  • 10

    AppSec Adjacent Tooling

    • Integrated Bug Tracker for Vulnerabilities

    • Cloud Native

    • Application Control Tooling

    • File Integrity Monitoring

    • AppSec Adjacent Tooling: Quiz

    • Tooling Assignment #3

    • Interactive AppSec Tooling Assignment

  • 11

    Updating Your Goals

    • Final Project - What to do

    • Final Project - Update Your Goals

  • 12


    • Conclusion

    • Thank you for choosing We Hack Purple.

    • Resources

    • Feedback to help us be better

Don't just take our word for it! See what our students have to say.

“I'd been trying to learn Application Security topics on my own, but We Hack Purple’s Application Security Fundamentals course made a lot of topics much clearer to me and helped me to understand what to prioritize when building an AppSec program. The lessons are short and easily "digestible" so that you can stop and resume as needed, without feeling like you have forgotten something. I highly recommend the course - and the book is absolutely essential!”


“I was building an AppSec program and went to a few workshops, but it always boiled down to “OWASP Top 10 = bad, this is XSS”. Ended up disappointed ‘cuz there wasn’t anything I could use. Until I took the AppSec course from We Hack Purple which actually provided real value. So if you want to get into AppSec I highly recommend her online talks to get to know AppSec better and take her course if you want to seriously pursue a career in AppSec.”


“What I enjoyed the most about the training was it was literally AppSec from the ground up. I don't work as an AppSec Engineer on my 8-5. This course gave me a realistic expectation and various scenarios I'd encounter in the day to day life of an AppSec engineer. It was really Tanya speaking from a place of experience and I felt like she was sharing it with me. The exercises and homework provided help me be able to return back to my boss and let me start getting into implementing the content in the course practically.”