Cybersecurity for Developers: From Basics to Best Practices
In an increasingly interconnected world, cybersecurity is no longer a luxury—it’s a necessity. Whether you’re a developer, IT professional, or just starting your tech journey, understanding how to secure digital assets is essential to protecting your applications, data, and users.
Welcome to the “Cybersecurity for Developers” course, your practical guide to mastering the essential principles of modern cybersecurity. Designed with real-world scenarios in mind, this course takes you beyond the theory and into hands-on, practical examples, focusing on web application security—one of the most vulnerable and commonly exploited areas today.
Through engaging lessons, you’ll gain an in-depth understanding of core security concepts like:
- Threat Modeling: Learn to anticipate potential threats and plan defenses before vulnerabilities are exploited.
- Web Application Security: Dive into common web vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, and Insecure Authentication, and how to defend against them.
- Secure Coding Best Practices: Discover how to write robust code that minimizes vulnerabilities from the start.
- Incident Response: Learn how to detect, respond to, and recover from security breaches with minimal impact.
- API Security: Gain insights into how to secure APIs, which are critical components of today's applications, drawing from the OWASP API Security Top 10.
This course doesn’t just teach you how to recognize and mitigate vulnerabilities—it empowers you to build secure applications from the ground up. By using real-world examples from web application development, you’ll see exactly how these security measures apply in everyday scenarios, providing you with actionable skills you can implement immediately.
Who should take this course?
- Developers: Looking to build and maintain secure applications, while understanding the threats they face.
- Security Enthusiasts: Eager to deepen your knowledge of cybersecurity in practical, real-world situations.
- IT Managers: Responsible for ensuring the security of applications and systems within their organization.
- Students and Beginners: New to cybersecurity and wanting a clear, practical introduction with real-world examples.
By the end of this course, you’ll not only understand the foundations of cybersecurity, but also be able to apply best practices in your daily work, ensuring that your applications are secure from today’s most pressing threats.
Why enroll in this course?
- Practical and hands-on: Learn from real examples and apply your knowledge in real-world scenarios.
- Focused on developers: Tailored to the needs of developers who want to secure their applications and APIs.
- Expert guidance: Receive step-by-step instruction from professionals with years of cybersecurity experience.
- Up-to-date content: Stay ahead of evolving threats with the latest security techniques and tools.
- Certificate of completion: Boost your credentials with a certificate you can proudly showcase.
Cybersecurity is no longer optional—it’s a critical skill that every developer needs. Enroll today and start protecting your applications from the threats of tomorrow!
- 3. OWASP Top 10: Overview (Video lesson)
What is OWASP
What is the OWASP Top 10
Why the OWASP Top 10 is important
OWASP Top 10 2021
What is Common Weakness Enumeration (CWE)
What are Common Vulnerabilities and Exposures (CVE)
What is the Common Vulnerability Scoring System (CVSS)
OWASP Top 10 2017 vs. 2021
- 4. Broken Access Control (Video lesson)
What is Access Control
Authorization vs. Authentication
Types of Access Control
OAuth (Overview)
JWT (Overview)
What is Broken Access Control
Impact
Insecure ID Vulnerability
Path Traversal Vulnerability
Poison Null Byte Attack
Safelisting
Client Caching Vulnerability
Violation of the principle of least privilege
Elevation of privilege
Review Roles Management Approach
How to prevent (including design solutions)
Examples of Attack Scenarios
- 5. Cryptographic Failures (Theory, Sensitive Data, Data Breach, Types of Failures) (Video lesson)
Cryptographic Failures: Overview
The most common root causes
Comparative analysis between OWASP Top 10 2017 and 2021
Notable Common Weakness Enumerations
Types of cryptographic failures
Personal data vs. Sensitive data
Types of sensitive data
Cryptographic Failure vs. Data Breach
What leads to cryptographic failures
- 6. Cryptographic Failures (Practical Examples, SQL Injection, TLS/SSL, HTTPS) (Video lesson)
Examples of attack scenarios
SQL Injection
TLS and SSL
HTTPS vs. HTTP
Enabling HTTPS on the Tomcat web server
- 7. Cryptographic Failures (Examples, Password Encryption, Hashing, Salting) (Video lesson)
Examples of attack scenarios
Password encryption practical exercise
Password hashing
Salted passwords
Hashing algorithms (MD5, SHA, PBKDF2, bcrypt, and scrypt)
How to prevent cryptographic failures
- 8. Injection (Overview, Fuzzing, CWEs, Impact, Injection Types, Command Injection) (Video lesson)
Injection Risk Category: Overview
Fuzzing
Notable Common Weakness Enumerations (CWEs)
Impact
Comparison of Injection in OWASP Top 10 2021 and 2017
Injection Types
Command Injection
- 9. Injection (Cross-Site Scripting, Types of XSS, SQL, JPA, NoSQL Injection) (Video lesson)
Cross-Site Scripting
Types of Cross-Site Scripting
SQL Injection
JPA Injection
NoSQL Injection
- 10. Injection (XPath Injection, Log Injection, Input Validation) (Video lesson)
XML: XPath Injection
Log Injection
How to prevent injection vulnerabilities
Input Validation: Goals
Input Validation: Strategies
Input Validation: Techniques
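An added example, not taken from the course, of the allowlist validation that lesson 10 describes and the path traversal, poison null byte and safelisting items of lesson 4. It validates free-text fields against a pattern of what a legitimate value looks like (never a denylist of "bad" characters), and resolves a user-supplied file name under a fixed base directory, refusing anything that escapes it. The patterns, the base directory and the sample inputs are constructed for illustration; it assumes Java 8 or newer.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class InputValidationExample {
    // Allowlist patterns: describe the valid shape of each field and reject everything else.
    private static final Pattern USERNAME = Pattern.compile("^[a-z][a-z0-9_]{2,31}$");
    private static final Pattern ORDER_ID = Pattern.compile("^[0-9]{1,18}$");

    public static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    public static boolean isValidOrderId(String s) {
        return s != null && ORDER_ID.matcher(s).matches();
    }

    /**
     * Resolves a user-supplied file name under baseDir.
     * Returns null when the request must be refused.
     */
    public static Path safeResolve(Path baseDir, String userPath) {
        if (userPath == null || userPath.isEmpty()) return null;
        // A NUL byte truncates the name in code that eventually hands it to a C API
        // ("report.pdf\0.jpg" passes an extension check but opens report.pdf). Reject it outright.
        if (userPath.indexOf('\0') >= 0) return null;
        Path base = baseDir.toAbsolutePath().normalize();
        // normalize() folds "." and ".." segments; the startsWith check is what enforces containment.
        // Path.startsWith compares whole components, so "/var/app/uploads-old" is not a prefix of the base.
        Path resolved = base.resolve(userPath).normalize();
        if (!resolved.startsWith(base)) return null;
        return resolved;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/app/uploads");
        // Constructed inputs: two legitimate names, then classic traversal and null-byte payloads.
        String[] inputs = {
            "report.pdf",
            "2024/invoice-17.pdf",
            "../../etc/passwd",
            "/etc/shadow",
            "report.pdf\0.jpg",
            "..\\..\\windows\\win.ini",   // on POSIX this is one odd file name, on Windows a traversal
        };
        for (String in : inputs) {
            Path p = safeResolve(base, in);
            System.out.printf("%-26s -> %s%n", in.replace("\0", "\\0"), p == null ? "REJECTED" : p);
        }
        System.out.println("username 'alice_01':    " + isValidUsername("alice_01"));
        System.out.println("username 'alice; DROP': " + isValidUsername("alice; DROP"));
        System.out.println("order id '42':          " + isValidOrderId("42"));
        System.out.println("order id '42 OR 1=1':   " + isValidOrderId("42 OR 1=1"));
    }
}
```

Two caveats a practitioner will want: `normalize()` is purely lexical and does not follow symbolic links, so if the upload directory may contain symlinks, call `toRealPath()` on the resolved path (once the file exists) and repeat the `startsWith` check; and validation is a first line of defense only, so the values still need parameterized queries, output encoding and authorization checks downstream.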
- 11. Insecure Design (Overview, CWEs, Shift Left Security, Threat Modeling Manifesto) (Video lesson)
Insecure Design Overview
Insecure Design VS Insecure Implementation
Shift left security approach
Notable CWEs
What is secure design
Threat Modeling
Goal of threat modeling
Threat Modeling Manifesto: Overview
Threat Modeling Manifesto: Values
Threat Modeling Manifesto: Principles
- 12. Insecure Design (Secure Design Process, Security Controls, Metrics, Examples) (Video lesson)
Build a secure design process
Business impact analysis
Working with threat register
Security controls
Security design document
Secure Design Process Metrics
Example of Attacks
How to prevent
- 13. Security Misconfiguration (Overview, CWEs, Types, Real-life attacks) (Video lesson)
Overview
Potential Impact
Notable CWEs
Security Misconfiguration in OWASP Top 10 2021 vs. 2017
Types of security misconfiguration
Examples of real-life attacks
Federated Architecture
- 14. Security Misconfiguration (Hardening, Zero Trust, Defense in Depth, Practice) (Video lesson)
Security Hardening
Zero Trust Security Model
NIST SP 800-207
Defense in Depth
NIST SP 800-123
Best Practices for System Hardening
Example of Attacks - Demo
How to prevent
- 15. Vulnerable & Outdated Components (Video lesson)
Overview
Risk Factors
Why it is hard to update outdated components
Notable CWEs
How attackers use vulnerable components
Real-life example
OWASP Top 10 2021 vs. 2017
Demo of dependency check plugin
Vulnerability scanners
How to prevent
- 16. Identification & Authentication Failures (Video lesson)
Overview
Potential Impact
Notable CWEs
OWASP Top 10 2017 vs. 2021
How attackers exploit authentication failures
Session fixation
Cross-Site Request Forgery (CSRF)
Execution After Redirect (EAR)
Risk factors
Multi-factor authentication (MFA)
Review of different factors
Session ID Entropy
Examples of Attacks
Credential stuffing
Brute force access
Session hijacking
How to prevent
- 17. Software & Data Integrity Failures (Video lesson)
Overview
Potential impact review
Common Weakness Enumerations
OWASP Top 10 2017 vs. 2021
Examples of Attacks
How to prevent
- 18. Security Logging & Monitoring Failures (Video lesson)
What is logging and what are logs
Overview of the Security Logging and Monitoring Failures category
Potential Impact
Risk Factors
Challenges
Log Management Tools
Libraries for Logging in Java
Notable Common Weakness Enumerations
OWASP Top 10 2017 vs. 2021
Attack Examples
How to Prevent
- 19. Server-Side Request Forgery (SSRF) (Video lesson)
Overview
Trust relationships
Risk factors
Potential impact
Types of SSRF
OWASP Top 10 2017 vs. 2021
Capital One Incident: Overview
SSRF Java Example
Examples of Attacks
How to prevent
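An added example for the SSRF prevention that lesson 19 covers, written for this page rather than taken from the course's own Java example. It validates a user-supplied URL before the server fetches it: only `https`, no userinfo (which lets `https://allowed.host@evil.example/` fool naive checks), a strict allowlist of destination hosts, and a refusal of literal loopback, private, link-local (cloud metadata at 169.254.169.254) and unspecified addresses. The allowlisted host names and the candidate URLs are constructed for illustration; it assumes Java 9 or newer for `Set.of`.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

public class SsrfGuardExample {
    // The only destinations this server may fetch on a user's behalf (hypothetical names).
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.partner.example", "cdn.example.com");

    /** Returns "OK" when the URL may be fetched, otherwise the reason it was refused. */
    public static String validateOutboundUrl(String raw) {
        URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return "invalid URI";
        }
        String scheme = uri.getScheme();
        if (scheme == null || !scheme.equalsIgnoreCase("https")) {
            return "scheme not allowed: " + scheme;       // blocks file://, gopher://, plain http://
        }
        if (uri.getUserInfo() != null) {
            return "userinfo not allowed";                // https://api.partner.example@evil.example/
        }
        String host = uri.getHost();
        if (host == null) return "no host";
        if (host.startsWith("[") && host.endsWith("]")) { // URI keeps the brackets on IPv6 literals
            host = host.substring(1, host.length() - 1);
        }
        if (isLiteralInternalAddress(host)) {
            return "internal address not allowed: " + host;
        }
        // With a strict allowlist the private-range check above is defense in depth; it becomes
        // the primary control only when policy must allow arbitrary external hosts.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return "host not in allowlist: " + host;
        }
        return "OK";
    }

    // Only IP literals are examined here; InetAddress.getByName does no DNS lookup for a literal.
    static boolean isLiteralInternalAddress(String host) {
        if (!looksLikeIpLiteral(host)) return false;
        try {
            InetAddress a = InetAddress.getByName(host);
            return a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress();
        } catch (UnknownHostException e) {
            return true;  // fail closed
        }
    }

    static boolean looksLikeIpLiteral(String host) {
        return host.matches("[0-9.]+") || host.contains(":");
    }

    public static void main(String[] args) {
        // Constructed candidates: one legitimate URL followed by common SSRF payload shapes.
        String[] candidates = {
            "https://api.partner.example/v1/orders/42",
            "http://api.partner.example/v1/orders/42",
            "https://169.254.169.254/latest/meta-data/",
            "https://[::1]:8080/admin",
            "https://api.partner.example@evil.example/",
            "file:///etc/passwd",
            "https://evil.example/",
        };
        for (String c : candidates) {
            System.out.printf("%-46s %s%n", c, validateOutboundUrl(c));
        }
    }
}
```

Two things this check deliberately does not do, and a real implementation must: resolve the host name and apply the same private-range test to every address it resolves to (and connect to that exact address, so a DNS rebinding between check and use cannot swap it), and disable redirect following on the HTTP client, since an allowlisted host that 302s to an internal address bypasses the whole guard.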
- 20. OWASP API Security Project & OWASP API Security Top 10 2023 (Text lesson)
- 21. API1:2023 Broken Object Level Authorization - Part 1 (Video lesson)
Definition of Object-Level Authorization and Its Importance
Explanation of BOLA Vulnerabilities and Their Prevalence in APIs
Connection to OWASP Top 10: Broken Access Control
Real-world examples of data breaches due to BOLA
Consequences for organizations and users of not adhering to BOLA best practices
Insecure Coding Practices Leading to BOLA
- 22. API1:2023 Broken Object Level Authorization - Part 2 (Practice) (Video lesson)
Code examples demo: Problem & Solution - Online Shop Example
- 23. API1:2023 Broken Object Level Authorization - Part 3 (Zero-Trust, UUIDs) (Video lesson)
Enforcing robust authorization mechanisms
Continuous testing and validation of authorization logic
Using random Universally Unique Identifiers (UUIDs)
Implementation considerations when integrating UUIDs into API ecosystems
Securing the Business Logic Layer
Implementing the Zero-Trust Security Model
How zero-trust principles mitigate BOLA vulnerabilities
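An added example for the online-shop scenario of lesson 22 and the UUID discussion of lesson 23; it is written for this page and is not the course's demo code. It shows the BOLA bug in its simplest form, an order lookup that trusts the id in the request and never asks whether the caller owns it, beside the fixed lookup that checks ownership on every access. Random UUIDs are used for ids, and the example makes the point that they only make guessing harder; the ownership check is the actual control. The classes, users and items are constructed; it assumes Java 16 or newer for records.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

public class BolaExample {
    record Order(UUID id, String ownerUsername, String item) {}

    private final Map<UUID, Order> orders = new HashMap<>();

    public UUID placeOrder(String owner, String item) {
        // Random UUIDs are unguessable; they are NOT a substitute for the authorization check below,
        // because ids leak through logs, Referer headers, shared links and support tickets.
        UUID id = UUID.randomUUID();
        orders.put(id, new Order(id, owner, item));
        return id;
    }

    // VULNERABLE: the caller was authenticated upstream, but nothing checks that this order is theirs.
    public Optional<Order> getOrderVulnerable(UUID id) {
        return Optional.ofNullable(orders.get(id));
    }

    // FIXED: object-level authorization on every access. A foreign id and a missing id give the same
    // result, so the endpoint does not confirm to an attacker which ids exist.
    public Optional<Order> getOrder(UUID id, String currentUser) {
        Order o = orders.get(id);
        if (o == null || !o.ownerUsername().equals(currentUser)) {
            return Optional.empty();
        }
        return Optional.of(o);
    }

    public static void main(String[] args) {
        BolaExample shop = new BolaExample();
        UUID aliceOrder = shop.placeOrder("alice", "USB security key");
        UUID bobOrder = shop.placeOrder("bob", "Hardware wallet");

        // Bob has obtained Alice's order id by some route and calls the endpoint as himself.
        System.out.println("vulnerable: bob reads alice's order -> " + shop.getOrderVulnerable(aliceOrder).isPresent());
        System.out.println("fixed:      bob reads alice's order -> " + shop.getOrder(aliceOrder, "bob").isPresent());
        System.out.println("fixed:      alice reads her order   -> " + shop.getOrder(aliceOrder, "alice").isPresent());
        System.out.println("fixed:      bob reads his order     -> " + shop.getOrder(bobOrder, "bob").isPresent());
    }
}
```

The `currentUser` argument must come from the verified session or token, never from a request parameter, and the same pattern applies to update and delete operations, where BOLA is typically more damaging than on reads. Returning the same "not found" for a foreign id and a missing one is a design choice; an explicit 403 is also acceptable as long as the check itself runs on every object access.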
- 24. API2:2023 Broken Authentication - Part 1 (Basics, Impact, Types of Attacks) (Video lesson)
Understanding Broken Authentication - Definition
Common Misconceptions about API Authentication
Authentication Mechanisms and Their Vulnerabilities
Ease of detecting authentication issues with current methodologies
Connection with OWASP Top 10 Broken Access Control
Distinguishing Between Authentication and Access Control
How Broken Authentication Can Lead to Broken Access Control
Examples of Interconnected Vulnerabilities and Exploits
Causes of Broken Authentication
Types of Attacks
Technical Factors Contributing to Vulnerabilities
Automated Attacks
Poor Standards and Practices
Lack of Protection Mechanisms
Misimplementation of Authentication Mechanisms
- 25. API2:2023 Broken Authentication - Part 2 (Case Studies, OAuth, OpenID) (Video lesson)
Case Studies
Lessons Learned from Case Studies
Impact and Consequences of Broken Authentication Vulnerabilities
Best Practices for Mitigating Broken Authentication
OAuth vs. OpenID
- 26. API2:2023 Broken Authentication - Part 3 (Practice, JWT Tokens, Timing Attacks) (Video lesson)
Real Life Code Example - Demo of Problem and Solution
Timing Attacks and How to Avoid Them
- 27. API3:2023 Broken Object Property Level Authorization - Part 1 (Video lesson)
Definition of Broken Object Property Level Authorization
Importance in API security
Threat Agents and Attack Vectors
Security weaknesses and their impacts
Real-world consequences of vulnerabilities
Example Review - Scenario #1: Fitness App Workout Tracking
Example Review - Scenario #2: Online Learning Platform Quiz Submissions
Prevention Measures:
Implementing access controls
Minimizing Data Exposure
Using Schema-Based Validation
Avoiding Client-Side Filtering Reliance
Related Concepts:
Excessive Data Exposure (OWASP API3:2019)
Mass Assignment (OWASP API6:2019)
- 28. API3:2023 Broken Object Property Level Authorization - Part 2 (Practice) (Video lesson)
Online Shop: Practical Example Source Code Review
- 29. API4:2023 Unrestricted Resource Consumption - Part 1 (Video lesson)
Definition of Unrestricted Resource Consumption
Threat Agents and Attack Vectors
Typical design flaws and configuration issues
Technical Impact Analysis
Business Impact Analysis
Real-World Examples of Unrestricted Resource Consumption
SMS Abuse Leading to Financial Loss (NordVPN)
Increased Cloud Storage Costs (File Download Service)
DDoS Attack on Poland’s Tax Portal
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-400: Uncontrolled Resource Consumption
CWE-799: Improper Control of Interaction Frequency
Detection of Unrestricted Resource Consumption
Prevention Strategies
Best Practices
- 30. API4:2023 Unrestricted Resource Consumption - Part 2 (Practice) (Video lesson)
Practical Example Source Code Review - Problem & Solution
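An added example for the prevention strategies of lessons 29 and 30 (CWE-770 and CWE-799), written for this page and not drawn from the course's source code review. It is a per-client token bucket of the kind that stops the SMS-abuse scenario the lesson lists: a small burst is allowed, then a low sustained rate, and every client has its own bucket. The clock is passed in as a parameter so the behaviour can be exercised without sleeping; the client keys, capacity and refill rate are constructed for illustration. It assumes Java 8 or newer.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class RateLimitExample {
    // One token bucket per client: capacity is the permitted burst, refillPerSecond the sustained rate.
    static final class Bucket {
        private final double capacity;
        private final double refillPerSecond;
        private double tokens;
        private long lastRefillNanos;

        Bucket(double capacity, double refillPerSecond, long nowNanos) {
            this.capacity = capacity;
            this.refillPerSecond = refillPerSecond;
            this.tokens = capacity;            // a new client starts with a full bucket
            this.lastRefillNanos = nowNanos;
        }

        synchronized boolean tryConsume(long nowNanos) {
            double elapsedSeconds = (nowNanos - lastRefillNanos) / 1e9;
            tokens = Math.min(capacity, tokens + elapsedSeconds * refillPerSecond);
            lastRefillNanos = nowNanos;
            if (tokens >= 1.0) {
                tokens -= 1.0;
                return true;
            }
            return false;                      // caller should answer 429 Too Many Requests
        }
    }

    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
    private final double capacity;
    private final double refillPerSecond;

    RateLimitExample(double capacity, double refillPerSecond) {
        this.capacity = capacity;
        this.refillPerSecond = refillPerSecond;
    }

    // Key on the authenticated principal where there is one; fall back to client IP for anonymous
    // endpoints, and trust X-Forwarded-For only when it was set by a proxy you control.
    public boolean allow(String clientKey, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(clientKey, k -> new Bucket(capacity, refillPerSecond, nowNanos));
        return b.tryConsume(nowNanos);
    }

    public static void main(String[] args) {
        // Policy for an SMS-sending endpoint: burst of 5, then one message per 10 seconds per user.
        RateLimitExample limiter = new RateLimitExample(5, 0.1);
        long t0 = 0L;
        int allowed = 0;
        for (int i = 0; i < 20; i++) {
            if (limiter.allow("user:alice", t0)) allowed++;
        }
        System.out.println("20 requests from alice at t=0, allowed: " + allowed);
        System.out.println("21st request from alice at t=0:         " + limiter.allow("user:alice", t0));
        System.out.println("alice again at t=10s:                   " + limiter.allow("user:alice", 10_000_000_000L));
        System.out.println("bob's first request at t=0:             " + limiter.allow("user:bob", t0));
    }
}
```

In production the bucket state lives in a shared store (for example Redis) so all API instances enforce one limit, and the per-request limit is paired with the other controls the lesson lists: maximum request and upload sizes, pagination caps on list endpoints, timeouts on downstream calls, and a spending cap on any operation that costs money per call.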
- 31. API5:2023 Broken Function Level Authorization - Part 1 (Video lesson)
Definition and explanation of BFLA
Difference between BFLA and Broken Object Level Authorization
Root Causes of BFLA
Attack Scenarios and Examples
Potential Consequences of BFLA
How to Detect BFLA
Prevention Techniques for BFLA
- 32. API5:2023 Broken Function Level Authorization - Part 2 (Practice) (Video lesson)
Practical Example Source Code Review - Problem & Solution
- 33. API6:2023 Unrestricted Access to Sensitive Business Flows - Part 1 (Video lesson)
Definition of Unrestricted Access to Sensitive Business Flows
Importance of understanding this vulnerability
How UASBF differs from other API vulnerabilities
How attackers exploit UASBF
Common Scenarios and Examples
Examples of Business Logic Abuse
Challenges in detection and protection
How to Address These Challenges
- 34. API6:2023 Unrestricted Access to Sensitive Business Flows - Part 2 (Video lesson)
Potential impacts on businesses
Case Study Analysis
Real-Life Example: Airline Ticketing Abuse
Prevention and Mitigation - Business Layer
Prevention and Mitigation - Engineering Layer
Testing for UASBF
Best Practices
- 35. API6:2023 Unrestricted Access to Sensitive Business Flows - Part 3 (Practice) (Video lesson)
Practical Example Source Code Review - Problem & Solution
- 36. API7:2023 Server Side Request Forgery (Text lesson)
Introduction to SSRF
Similarities Between API7:2023 and A10:2021
Differences Between API7:2023 and A10:2021
Attack Scenarios in API7:2023
Prevention Strategies
Summary and Conclusion
- 37. API8:2023 Security Misconfiguration (Text lesson)
Introduction to Security Misconfiguration
Similarities Between API8:2023 and A05:2021
Differences Between API8:2023 and A05:2021
Attack Scenarios in API8:2023
Prevention Strategies
Summary and Conclusion
- 38. API9:2023 Improper Inventory Management - Part 1 (Video lesson)
Definition and significance of API inventory management
Common challenges in maintaining API inventories
The role of proper inventory management in API security
Discussion of Key Risks:
Exploitation of Vulnerabilities
Amplification of Risks
Cross-Compatibility Issues
Real-World Examples of Security Breaches Due to Poor Inventory Management
Legacy APIs and Their Challenges
The Balance Between Backward Compatibility and Security
Strategies for Effective API Inventory Management
- 39. API9:2023 Improper Inventory Management - Part 2 (Practice) (Video lesson)
Practical Example Source Code Review - Problem & Solution
- 40. API10:2023 Unsafe Consumption of APIs - Part 1 (Video lesson)
Definition and Importance
Common Misconceptions About API Security
Why APIs are Vulnerable
Key Vulnerabilities in Unsafe Consumption of APIs
Key Risks Associated with Unsafe API Consumption
Real-World Examples and Case Studies
How to Spot Unsafe API Consumption Vulnerabilities
Mitigation Strategies
Best Practices
- 41. API10:2023 Unsafe Consumption of APIs - Part 2 (Practice) (Video lesson)
Practical Example Source Code Review - Problem & Solution
