Application Security Foundations Level 3
This course has moved to Semgrep Academy. You can take it for free, here: https://academy.semgrep.dev/courses/application-security-foundations-level-3
Customize to your organization's needs.
Setting and Reaching Goals
Goal Assignment - Video
Goal Assignment - AppSec Foundations Level 3
Zero Trust/Assume Breach
Serverless
Cloud Workflow
Online Storage
Containers & Orchestration
APIs and Microservices Architecture
Infrastructure as Code (IaC)
Security as Code (SaC)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Continuous Integration / Continuous Delivery / Continuous Deployment
Public Cloud (free preview)
Modern Tech Assignment - AppSec Foundations Level 3
Securing Modern Technologies: Quiz
What are policies?
What policies do we need for AppSec?
Policies we create, and policies we want to influence
Application Security Program Policy (Secure SDLC)
Security Tool Usage Policy
Security Testing Policy sample from SANS
Free Policy Samples from SANS
Policy Assignment - AppSec Foundations Level 3
Policy: Quiz
What are standards and guidelines?
Standards that WE (the AppSec Team) create
Standards and Guidelines Assignment - AppSec Foundations Level 3
Standards and Guidelines: Quiz
Secure Coding Guideline - Video and Details
Secure Coding Guideline PDF
Project Security Requirements
Web App Security Requirements PDF
SSRF Defences and Mitigations - Video Explanation
SSRF Defenses and Mitigations PDF
Error Handling and Logging
Error Handling and Logging PDF
Azure Hardening and Best Practices
Azure Hardening Best Practices PDF
API Security Best Practices
API Security Best Practices PDF
What is incident response?
Create an Incident Response Process
Inventory
Patch Management
Third Party Components and Code
IR And Forensic Training
Scanning
Threat Feeds
Virtual Patching
Backups And Rollbacks
Tooling
Access
Training For Other Teams
Incident Simulations
Logs
Disaster Recovery and Business Continuity Planning
During An Incident (The Process)
Post Mortem
Incident Preparation Assignment - Video Explanation
Postmortem Report - AppSec Foundations Level 3
Incident Report - AppSec Foundations Level 3
Incident Preparation Assignment - AppSec Foundations Level 3
Postmortem Report - MS Word Doc
Incident Report - MS Word Document
DevSecOps
Automate Everything
Self Service
Secure Defaults
Advanced Activities Assignment - PDF
Refresher On Goals
The Final Project - Video Explanation
Final Project - AppSec Foundations Level 3
Final Project - AppSec Level 3
Resources
We Hack Purple Community
WoSEC - Women of Security
#CyberMentoringMonday
OWASP: Free for Open Source Application Security Tools
We offer Live training!
Summary
Conclusion
Thank You
Feedback for We Hack Purple
How can we describe Tanya in just a few words?
Tanya is passionate, driven and a force of nature. These characteristics have led her to become a leader in everything AppSec. While the list of her accomplishments is extensive, what Tanya is most proud of is how she continues to value diversity, inclusion and kindness through her success.
Tanya now shares her decades of IT experience through educating others. She has compiled all her learnings from her career into a best-selling book and We Hack Purple’s valuable courses.
Don't just take our word for it! See what our students have to say.
“I'd been trying to learn Application Security topics on my own, but We Hack Purple’s Application Security Fundamentals course made a lot of topics much clearer to me and helped me to understand what to prioritize when building an AppSec program. The lessons are short and easily "digestible" so that you can stop and resume as needed, without feeling like you have forgotten something. I highly recommend the course - and the book is absolutely essential!”
“I was building an AppSec program and went to a few workshops, but it always boiled down to “OWASP Top 10 = bad, this is XSS”. Ended up disappointed ‘cuz there wasn’t anything I could use. Until I took the AppSec course from We Hack Purple which actually provided real value. So if you want to get into AppSec I highly recommend her online talks to get to know AppSec better and take her course if you want to seriously pursue a career in AppSec.”
“What I enjoyed the most about the training was it was literally AppSec from the ground up. I don't work as an AppSec Engineer on my 8-5. This course gave me a realistic expectation and various scenarios I'd encounter in the day to day life of an AppSec engineer. It was really Tanya speaking from a place of experience and I felt like she was sharing it with me. The exercises and homework provided help me be able to return back to my boss and let me start getting into implementing the content in the course practically.”
Save $200 with this bundle! All three levels of Application Security for the price of two!
We set goals for your AppSec program as an exercise. We dive into every type of application security activity & tool on the market, plus quizzes & exercises. The final project we make an AppSec program action plan for you to bring back to...
(5) 5.0 average rating
Create a culture at your organization where security is part of everyone's job. We will learn how to measure & improve our AppSec program (plus case studies). We use this information to add to your AppSec program goals as the final project.