Build An Application Security Program.

Many workplaces don’t have formal programs to secure applications and software. With no framework or structure to follow, many preventable mistakes happen! The goal of Level 1 is to create a basic security plan for you to bring back to work. We start with your goals and fill in the blanks as we go and explore activities and tools. Included in this course is the textbook, Alice and Bob Learn Application Security. Level One has 4 hours of video along with assignments and quizzes.

This course is great for...

  • Anyone who is a beginner and wants to get into AppSec

  • Software developers to learn more security concepts and create more secure software

  • People in IT Security to gain different perspectives and enable developers

Meet your qualified instructor, Tanya

How can we describe Tanya in just a few words?

Tanya is passionate, driven and a force of nature. These characteristics have led her to become a leader in everything AppSec. While the list of her accomplishments is extensive, what Tanya is most proud of is how she continues to value diversity, inclusion and kindness through her success.  

Tanya now shares her decades of IT experience through educating others. She has compiled all her learnings from her career into a best-selling book and We Hack Purple’s valuable courses. 

Course curriculum

  • 1
  • 2

    Definitions and Burning Questions

    • What is AppSec, what is DevSecOps, and why do they matter?

    • What is "Cyber"

    • Computer Sciences vs Application Security

    • What is Application Security aka AppSec

    • What is a Tech Stack?

    • Can you jump right into an Application Security position?

    • Is Application Security just coding?

    • What is DevOps?

    • Biggest Application Security Challenges

    • Skillsets needed for Application Security

    • How Can I get into AppSec?

    • Definitions and Burning Questions: Quiz

  • 3

    Application Security Goals

  • 4

    Choosing Goals

    • Choosing your program goals.

    • Setting Goals

  • 5

    AppSec Activities - The Basics

    • Interactive Exercise!

    • Interactive AppSec Activities Assigment

    • Tactics versus Strategy

    • VA Scans and Security Assessments

    • Threat Modelling

    • Secure Code Review and SAST

    • Software Composition Analysis (SCA)

    • Penetration Testing

    • AppSec Activities - The Basics: Quiz

  • 6

    AppSec Activities - Intermediate

    • Developer Education and Advocacy Programs

    • Responsible Disclosure

    • Policies, Guidelines and Standards

    • Giving Developers Security Tools

    • Secure Coding Library/ Templates

    • Security Reference Materials

    • ‘The Partnership Model’

    • Metrics and Measurement

    • Security Regression Testing (with unit tests)

    • Capture The Flag and Gamification

    • Reviewing New Tech

    • IDE Tools

    • Adding a shield in front of your app (WAF/RASP)

    • AppSec Activities - Intermediate: Quiz

  • 7

    AppSec Activities - DevOps Flavoured

    • Adding Security Tooling to a Pipeline

    • Asynchronous Pipeline

    • Chaos Engineering and Red Teaming

    • Security Sprints

    • Asking directly for feedback from Dev & Ops

    • Turning PenTest results into Unit Tests

    • AppSec Activities - DevOps Flavoured: Quiz

  • 8

    AppSec Activities - Advanced

    • Team-Specific Customized Security Training

    • Creating Custom Tools

    • Bug Bounties

    • Red Teaming

    • Targeting an Entire Bug Class

    • Security Exercises and Simulations

    • Did you complete the interactive assignment?

    • Interactive AppSec Activities Assigment

    • AppSec Activities - Advanced: Quiz

  • 9

    AppSec Tooling - The Basics

    • Interactive Tooling Assignment

    • Interactive AppSec Tooling Assigment

    • Introduction to AppSec Tooling

    • Static Application Security Testing (SAST)

    • Software Composition Analysis Tools

    • Web Proxy

    • Dynamic Application Security Testing (DAST)

    • Fuzzing

    • VM & Container VA scanners

    • AppSec Tooling - The Basics: Quiz

  • 10

    AppSec Tooling - Intermediate

    • API Tools that Speak Directly to the API

    • Web Application Firewall (WAF)

    • Vulnerability Management

    • IDE Tools and Hooks

    • Tooling Made for Pipelines

    • Unit Test Creativity

    • AppSec Tooling - Intermediate: Quiz

  • 11

    AppSec Tooling - Modern Twist

    • Interactive Application Security Testing (IAST)

    • SIEM + App integration

    • Runtime Application Security Protection (RASP)

    • Service Mesh

    • API Gateway

    • Application and Web Asset Inventory

    • AppSec Tooling - Modern Twist: Quiz

  • 12

    AppSec Adjacent Tooling

    • Integrated Bug Tracker for Vulnerabilities

    • Cloud Native

    • Playbooks = Workflows + Serverless Apps

    • VM/Container VA Scanners - Again

    • Application Control Tooling

    • File Integrity Monitoring

    • AppSec Tooling Exercise - What to do

    • Interactive AppSec Tooling Assigment

    • AppSec Adjacent Tooling: Quiz

  • 13

    Updating Your Goals

    • Final Project

    • Final Project - Update Your Goals

  • 14


    • Conclusion

    • Thank you for choosing We Hack Purple.

    • Live Training for your company

    • Feedback to help us be better

Don't just take our word for it! See what our students have to say.

“I'd been trying to learn Application Security topics on my own, but We Hack Purple’s Application Security Fundamentals course made a lot of topics much clearer to me and helped me to understand what to prioritize when building an AppSec program. The lessons are short and easily "digestible" so that you can stop and resume as needed, without feeling like you have forgotten something. I highly recommend the course - and the book is absolutely essential!”


“I was building an AppSec program and went to a few workshops, but it always boiled down to “OWASP Top 10 = bad, this is XSS” Ended up disappointed ‘cuz there wasn’t anything I could use. Until I took the AppSec course from We Hack Purple which actually provided real value. So if you want to get into AppSec I highly recommend her online talks to get to know AppSec better and take her course if you want to seriously pursue a career in AppSec. ”


“What I enjoyed the most about the training was it was literally AppSec from the ground up. I don't work as an AppSec Engineer on my 8-5. This course gave me a realistic expectation and various scenarios I'd encounter in the day to day life of an AppSec engineer. It was really Tanya speaking from a place of experience and I felt like she was sharing it with me. The exercises and homework provided helps me be able to return back to my boss and lets me start getting into implementing the content in the course practically.”