Security was once an afterthought in software design, but today it's an increasingly critical aspect of application development, from design through deployment and beyond. The volume of applications developed, distributed, used and updated over networks is rapidly expanding. As a result, application security practices must address an increasing variety of threats. It's even more complicated when cloud-native applications built using microservices and containers are thrown into the mix.
It is not enough for application security programs to operate by focusing only on compliance. Modern AppSec programs must go deeper and answer much more complicated questions about the integrity of each software component. To be effective, modern AppSec programs must identity pre-built components (open source and proprietary) within software, develop and maintain a software bill of materials (SBOM) for each application and keep dependencies up to date. Developers and AppSec teams must also identity and prioritize the vulnerabilities that pose the biggest risk to their apps, and know which can be safely ignored. They must also know how to apply fixes without worrying about breaking the build and integrate automated remediation. Finally, teams must be able to embed AppSec tools into development workflows and quickly and efficiently onboard developers, as well as being able to find and block malicious software before those devs can download it.
In this program, you'll learn how to: