Kickstart Your AppSec Program.

Customize to your organization's needs.

Most organizations' AppSec programs lack formal standards, guidelines and policies, simply because there's no existing knowledge to build on. To save you from starting from scratch, this course covers the best practices, which you can take back to your own organization and customize to your own needs. Level 3 has 5.5 hours of video along with multiple quizzes and assignments.

Course curriculum

  • 1

    Your Goals From AppSec Foundations Level 1 and/or 2

    • Setting and Reaching Goals

    • Goal Assignment - Video

    • Goal Assignment - AppSec Foundations Level 3

  • 2

    Securing Modern Technologies

    • Zero Trust/Assume Breach

    • Serverless

    • Cloud Workflow

    • Online Storage

    • Containers & Orchestration

    • APIs and Microservices Architecture

    • Infrastructure as Code (IaC)

    • Security as Code (SaC)

    • Platform as a Service (PaaS)

    • Infrastructure as a Service (IaaS)

    • Continuous Integration/ Continuous Delivery/ Continuous Deployment

    • Public Cloud

    • Modern Tech Assignment - AppSec Foundations Level 3

    • Securing Modern Technologies: Quiz

  • 3


    • What are policies?

    • What policies do we need for AppSec?

    • Policies we create, and policies we want to influence

    • Application Security Program Policy (Secure SDLC)

    • Security Tool Usage Policy

    • Security Testing Policy sample from SANS

    • Free Policy Samples from SANS

    • Policy Assignment - AppSec Foundations Level 3

    • Policy: Quiz

  • 4

    Standards and Guidelines

    • What are standards and guidelines?

    • Standards that WE (the AppSec Team) create

    • Standards and Guidelines Assignment - AppSec Foundations Level 3

    • Standards and Guidelines: Quiz

  • 5

    Samples of Standards and Guidelines

    • Secure Coding Guideline - Video and Details

    • Secure Coding Guideline PDF

    • Project Security Requirements

    • Web App Security Requirements PDF

    • SSRF Defences and Mitigations - Video Explanation

    • SSRF Defenses and Mitigations PDF

    • Error Handling and Logging

    • Error Handling and Logging PDF

    • Azure Hardening and Best Practices

    • Azure Hardening Best Practices PDF

    • API Security Best Practices

    • API Security Best Practices PDF

  • 6

    Incident Response

    • What is incident response?

    • Create an Incident Response Process

    • Inventory

    • Patch Management

    • Third Party Components and Code

    • IR And Forensic Training

    • Scanning

    • Threat Feeds

    • Virtual Patching

    • Backups And Rollbacks

    • Tooling

    • Access

    • Training For Other Teams

    • Incident Simulations

    • Logs

    • Disaster Recovery and Business Continuity Planning

    • During An Incident (The Process)

    • Post Mortem

    • Incident Preparation Assignment - Video Explanation

    • Postmortem Report - AppSec Foundations Level 3

    • Incident Report - AppSec Foundations Level 3

    • Incident Preparation Assignment - AppSec Foundations Level 3

    • Postmortem Report - MS Word Doc

    • Incident Report - MS Word Document

  • 7

    Advanced Activities

    • DevSecOps

    • Automate Everything

    • Self Service

    • Secure Defaults

    • Advanced Activities Assignment - PDF

  • 8

    Final Project

    • Refresher On Goals

    • The Final Project - Video Explanation

    • Final Project - AppSec Foundations Level 3

    • Final Project - AppSec Level 3

  • 9


    • Resources

    • We Hack Purple Community

    • WoSEC - Women of Security

    • #CyberMentoringMonday

    • OWASP: Free for Open Source Application Security Tools

    • We offer Live training!

  • 10


    • Summary

    • Conclusion

    • Thank You

    • Feedback for We Hack Purple

Meet your qualified instructor, Tanya

How can we describe Tanya in just a few words?

Tanya is passionate, driven and a force of nature. These characteristics have led her to become a leader in everything AppSec. While the list of her accomplishments is extensive, what Tanya is most proud of is how she continues to value diversity, inclusion and kindness through her success.  

Tanya now shares her decades of IT experience through educating others. She has compiled all her learnings from her career into a best-selling book and We Hack Purple’s valuable courses. 

Finalize Your AppSec Program Now!

Don't wait to Secure All the Things.

Don't just take our word for it! See what our students have to say.

“I'd been trying to learn Application Security topics on my own, but We Hack Purple’s Application Security Fundamentals course made a lot of topics much clearer to me and helped me to understand what to prioritize when building an AppSec program. The lessons are short and easily "digestible" so that you can stop and resume as needed, without feeling like you have forgotten something. I highly recommend the course - and the book is absolutely essential!”


“I was building an AppSec program and went to a few workshops, but it always boiled down to “OWASP Top 10 = bad, this is XSS.” Ended up disappointed ‘cuz there wasn’t anything I could use. Until I took the AppSec course from We Hack Purple which actually provided real value. So if you want to get into AppSec I highly recommend her online talks to get to know AppSec better and take her course if you want to seriously pursue a career in AppSec.”


“What I enjoyed the most about the training was it was literally AppSec from the ground up. I don't work as an AppSec Engineer on my 8-5. This course gave me a realistic expectation and various scenarios I'd encounter in the day to day life of an AppSec engineer. It was really Tanya speaking from a place of experience and I felt like she was sharing it with me. The exercises and homework provided help me be able to return back to my boss and let me start getting into implementing the content in the course practically.”