Security for Developers

Lessons

1. 1

   Security Is Your Job: The Developer's Security Mindset

   Free

   Understand why security is part of every developer's job and how this subtrack takes you from zero to shipping secure code by default.

   Beginner·20 min
2. 2

   Secrets Management and Environment Variables

   Keep API keys and tokens out of source code, clean a leaked secret from Git history, and manage secrets across environments and CI/CD.

   Intermediate·45 min
3. 3

   Rate Limiting and Abuse Prevention

   Add rate limiting to public endpoints with Upstash Redis and Cloudflare WAF, and pick the right algorithm for the job.

   Intermediate·45 min
4. 4

   Bot Protection and Anti-Scraping

   Defend forms and content with Cloudflare Bot Fight Mode, Turnstile, robots.txt, and honeypots.

   Intermediate·40 min
5. 5

   HTTP Security Headers

   Set a complete set of security headers (CSP, HSTS, frame-ancestors, nosniff, Referrer-Policy, Permissions-Policy) in Next.js and grade them.

   Intermediate·45 min
6. 6

   Secure Authentication Practices

   Hash passwords with Argon2id/bcrypt, secure sessions and JWTs, implement TOTP MFA, and harden OAuth.

   Intermediate·50 min
7. 7

   Dependency Security and Supply Chain

   Audit dependencies with npm audit, automate updates with Dependabot, gate CI with Snyk, and treat every dependency as attack surface.

   Intermediate·40 min
8. 8

   HTTPS, TLS, and DNS Security

   Explain how TLS works, get certificates, use Cloudflare Full Strict mode, and lock down DNS with DNSSEC and registrar MFA.

   Intermediate·45 min
9. 9

   Capstone: Harden a Deployed App

   Harden a real deployed app end to end across every defense in this subtrack and write a short security report.

   Advanced·120 min
10. 10

    Job Readiness: Secure Development Roles

    Translate secure-development skills into job titles, resume bullets, interview answers, certifications, and a portfolio checklist.

    Intermediate·35 min