Application Security

Lessons

1. 1

   What is Application Security?

   Understand why applications are a major attack target and where security fits in the SDLC.

   Beginner·35 min
2. 2

   OWASP Top 10

   Walk through the OWASP Top 10 with real-world examples and identify vulnerabilities in sample code.

   Intermediate·50 min
3. 3

   Input Validation and Injection Attacks

   Understand SQL injection, XSS, and command injection through hands-on CTF challenges.

   Intermediate·50 min
4. 4

   Authentication and Session Security in Applications

   Learn cookie security and intercept requests with BurpSuite to observe session vulnerabilities.

   Intermediate·45 min
5. 5

   Secure Coding Practices

   Apply input sanitization, safe error handling, and supply chain security to real code.

   Intermediate·40 min
6. 6

   Web Application Firewalls and Security Testing

   Understand WAFs, SAST vs DAST, and analyze HTTP traffic with browser DevTools.

   Intermediate·35 min
7. 7

   Hands-on: OWASP Top 10 in DVWA and WebGoat

   Stand up DVWA and WebGoat in Docker and exploit then patch at least four OWASP Top 10 categories.

   Intermediate·75 min
8. 8

   OWASP A01: Broken Access Control

   Find and fix IDOR and privilege-escalation flaws with server-side ownership and role checks.

   Intermediate·45 min
9. 9

   OWASP A02: Cryptographic Failures and Password Hashing

   Store passwords correctly with salted bcrypt/Argon2 and understand why MD5/SHA-1 are broken for security.

   Intermediate·50 min
10. 10

    OWASP A04: Insecure Design

    Distinguish design flaws from code bugs and prevent them with threat modeling and abuse cases.

    Intermediate·40 min
11. 11

    OWASP A05: Security Misconfiguration

    Find default credentials, exposed storage, and missing headers, then harden by default.

    Intermediate·40 min
12. 12

    OWASP A06: Vulnerable and Outdated Components

    Inventory dependencies, find known CVEs, and automate updates to prevent an Equifax-style breach.

    Intermediate·40 min
13. 13

    OWASP A08: Software and Data Integrity Failures

    Verify the integrity of dependencies, pipelines, and data, and avoid insecure deserialization.

    Intermediate·40 min
14. 14

    OWASP A09: Security Logging and Monitoring Failures

    Log the right security events, centralize and alert on them, and tie alerts to incident response.

    Intermediate·40 min
15. 15

    OWASP A10: Server-Side Request Forgery (SSRF)

    Exploit and patch SSRF with URL allow-lists, internal-range blocking, IMDSv2, and least-privilege IAM.

    Intermediate·45 min
16. 16

    Top Security Threats and the Frameworks That Map Them

    Map ransomware, supply-chain, zero-day, phishing, and insider threats to OWASP and the NIST CSF.

    Intermediate·40 min
17. 17

    Security Best Practices for Developers

    Apply defense in depth, least privilege, secure by default, input validation, secrets management, and review checklists.

    Intermediate·45 min
18. 18

    Security Code Review

    Read JavaScript, Python, and SQL code by pattern-matching insecure patterns; pair with Semgrep to scale.

    Intermediate·55 min
19. 19

    Bug Bounty Programs

    Operate inside HackerOne and Bugcrowd scope rules and write a professional vulnerability disclosure report.

    Intermediate·45 min
20. 20

    Application Security Resources and Next Steps

    Explore curated resources, certifications (PenTest+, BSCP, GWEB, OSWE), and practice platforms.

    Beginner·25 min
21. 21

    Application Security Job Readiness

    Translate AppSec skills into a resume, portfolio plan, and interview prep for AppSec engineer roles.

    Beginner·30 min