Foundations · AppSec

Application Security
& DevSecOps

Develop with a defense mindset. Understand how web applications work and learn to protect them from design to production.

CORP_TRAINING_REQ

Interested in training your team with this program?

Request a Proposal View Presentation

Curriculum 06 Practical Modules

Don't leave security for the end. Learn to inject vulnerability testing directly into code and harden systems before production deployment.

Module 01 — Introduction to Secure Development

What is software, how web applications work (client-server, HTTP, APIs) and why security matters from the design phase.

Module 02 — OWASP Top 10 Deep Dive

In-depth analysis of the most critical vulnerabilities: from injections and XSS to broken access control and SSRF.

Module 03 — SAST and DAST Testing

Static code analysis (SAST) and dynamic runtime testing (DAST). Tools, differences and when to use each.

Module 04 — API Protection

JWT authentication, OAuth2, Rate Limiting, input validation and defense against data exposure in REST APIs.

Module 05 — DevSecOps and CI/CD Security

Security integration in the pipeline: secrets scanning, SCA (dependency analysis) and secure containers.

Module 06 — Threat Modeling

STRIDE, DREAD and data flow diagrams. How to identify risks before writing the first line of code.