Public Schedule

Fundamentals of Secure App Dev

  • Courses
  • Fundamentals of Secure App Dev

Information Technology

Leadership

Business Analysis

Certifications

Project Management

Public Schedule

Our Blogs

Get Course Information

Connect for information with us at info@velocityknowledge.com

How would you like to learn?*

Duration: 4-Days Course

Course Description

This four-day intensive course provides software professionals with the foundational knowledge and practical skills needed to develop secure applications across web, mobile, and cloud environments. Participants will learn how to identify common vulnerabilities, implement secure coding practices, validate inputs, manage authentication and authorization, and integrate secure development principles across the software development lifecycle (SDLC). Each module is reinforced through hands-on labs, real-world case studies, and secure code reviews.

Prerequisites

  • Proficiency in at least one programming language (e.g., Java, Python, JavaScript, C#)
  • Basic understanding of software development practices
  • Familiarity with HTTP, REST APIs, and relational databases
  • Recommended: prior experience with Git and IDEs (VSCode, IntelliJ, etc.)

Key Learning Objectives

By the end of the course, participants will be able to:

  • Understand the principles of secure software development
  • Recognize and remediate common application vulnerabilities
  • Implement secure input validation, session management, and access controls
  • Apply threat modeling to anticipate and mitigate risks
  • Integrate security throughout the SDLC using modern tools and methodologies
  • Perform secure code reviews and static/dynamic analysis

Module 1: Introduction to Secure Development & Application Threats

Topics

  • The evolving threat landscape
  • Introduction to SDLC and SSDLC
  • OWASP Top 10: Overview and examples
  • Secure development principles: least privilege, defense in depth, fail-safe defaults
  • Identifying attack surfaces

Hands-On Labs

  • Lab 1: Explore a vulnerable web application (e.g., DVWA) to observe OWASP Top 10 flaws in action
  • Lab 2: Perform threat modeling using STRIDE on a sample architecture
  • Lab 3: Identify security flaws in a code walkthrough (JavaScript/Java/Python examples)

Takeaways

  • Understanding of core security principles in the context of modern app development
  • Basic threat modeling skills

Module 2: Secure Coding Fundamentals

Topics

  • Input validation and output encoding
  • Secure authentication and session management
  • Managing secrets and sensitive data
  • SQL injection and command injection
  • Cross-site scripting (XSS) and cross-site request forgery (CSRF)

Hands-On Labs

  • Lab 4: Fix SQL injection and XSS in a demo app (Node.js or Flask)
  • Lab 5: Implement CSRF protection and secure cookie flags
  • Lab 6: Use regex and allowlists for secure input validation

Takeaways

  • Ability to recognize and fix critical code-level vulnerabilities
  • Secure coding patterns applicable across languages and frameworks

Module 3: Authentication, Authorization & Session Management

Topics

  • Secure design for user authentication
  • Multi-factor authentication (MFA) integration
  • Role-based access control (RBAC) and attribute-based access control (ABAC)
  • Token-based auth: JWT, OAuth 2.0, OpenID Connect
  • Secure session lifecycle: creation, renewal, expiration

Hands-On Labs

  • Lab 7: Integrate OAuth2 login into a sample app
  • Lab 8: Implement RBAC and test privilege escalation scenarios
  • Lab 9: Secure session handling in a web app using HTTPOnly, Secure, and SameSite cookie flags

Takeaways

  • Practical experience securing identity and access layers
  • Understanding of modern auth protocols and secure session management

Module 4: Secure Development Lifecycle, DevSecOps, and Review

Topics

  • Secure SDLC integration points (requirements, design, implementation, testing, deployment)
  • Code review strategies and secure design patterns
  • Static and dynamic code analysis tools
  • Introduction to DevSecOps: CI/CD security, secret scanning, dependency checks
  • Secure deployment and logging practices

Hands-On Labs

  • Lab 10: Run static analysis (e.g., SonarQube or Semgrep) on code samples and fix flagged issues
  • Lab 11: Perform a secure code review on a real-world pull request
  • Lab 12: Build a basic DevSecOps pipeline using GitHub Actions or GitLab CI with security scans (SAST, dependency checks)

Course Review & Final Exercise

  • Group threat modeling and secure design critique for a provided application scenario
  • Q&A and feedback

Takeaways

  • Secure SDLC blueprint for teams and projects
  • Tools and checklists to integrate security into real-world development pipelines

Contact us to customize this course for your team and for your organization.

Contact Us?
Close

Search

Interested?
Fundamentals of Secure App Dev

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.