Secure Software Delivery: From Code to Deployment is an intermediate-level course designed to help developers and technical leads build and ship secure applications confidently—without slowing down innovation. As software systems scale, so do the risks—and success now depends on embedding security into every phase of the development lifecycle. In this course, you’ll move beyond one-off vulnerability patching and learn how to systematically integrate secure coding practices, threat modeling, and automated security testing into your workflows.
Security Essentials for Modern Developers
您将获得的技能
要了解的详细信息
了解顶级公司的员工如何掌握热门技能
该课程共有3个模块
In this first lesson, learners discover why spotting and ranking security risks early is essential to build secure, cloud-based applications. Developers and security teams move from reacting to vulnerabilities to anticipating them. Using frameworks such as STRIDE and DREAD, learners practice mapping high-priority threats before any code ships. The Equifax breach In this first lesson, learners discover why spotting and ranking security risks early is essential to build secure, cloud-based applications. Developers and security teams move from reacting to vulnerabilities to anticipating them. Using frameworks such as STRIDE and DREAD, learners practice mapping high-priority threats before any code ships. The Equifax breach illustrates the real-world cost of poor risk prioritization—and the value of getting it right. Videos, hands-on threat-modeling exercises, and guided discussions grow the risk awareness and strategic thinking needed to embed security measures into the development process from the start.exercises, and guided discussions grow the risk awareness and strategic thinking needed to embed security measures into the development process from the start.
涵盖的内容
3个视频3篇阅读材料1个作业
In this lesson, learners will explore the OWASP Top-10 vulnerabilities and how to prevent security incidents through proactive secure coding practices and effective analysis tools. The lesson emphasizes why fixing security flaws late in the process is costly and unsustainable, and how systematic prevention—through secure coding and regular testing—offers a better approach. Real-world security incidents, such as the Fortnite XSS vulnerability, are highlighted to illustrate the practical consequences of common coding mistakes. Learners will be introduced to essential tools including Static Application Security Testing (SAST) and dynamic scanning with OWASP ZAP. Through a blend of videos, readings, discussions, and hands-on labs, learners will gain the skills and confidence to systematically build secure, robust applications—transforming their coding approach from reactive fixes to proactive prevention.
涵盖的内容
2个视频2篇阅读材料1个作业
In this lesson, learners examine how embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines transforms release processes into continuous guardians of trust rather than mere delivery engines. Through a scenario illustrating a late-night deployment where a known vulnerable library slipped into production, the lesson highlights why automated security checks must be integrated from the very first pipeline stage. Learners will investigate practical tool implementations—such as Snyk for dependency scanning, OWASP Dependency-Check for open-source vulnerability detection, and GitHub Actions workflows for automation—to ensure issues are caught before code reaches production. Case studies of CI/CD misconfigurations, such as the Capital One cloud breach, demonstrate how small oversights in pipeline or infrastructure-as-code settings can lead to major incidents, reinforcing the need for continuous oversight. Hands-on demonstrations guide learners through setting up security gates that fail builds on critical findings, interpreting scan results, and configuring policy-as-code enforcement, all without impeding development velocity. By the end of the lesson, participants will understand both how to configure and integrate these security tools into real pipelines and why treating security as a separate stage is no longer acceptable—security must be continuous, integrated, and owned by every stakeholder in the delivery workflow.
涵盖的内容
3个视频2篇阅读材料3个作业
位教师
提供方
从 Software Development 浏览更多内容
人们为什么选择 Coursera 来帮助自己实现职业发展
Felipe M.
自 2018开始学习的学生
''能够按照自己的速度和节奏学习课程是一次很棒的经历。只要符合自己的时间表和心情,我就可以学习。'
Jennifer J.
自 2020开始学习的学生
''我直接将从课程中学到的概念和技能应用到一个令人兴奋的新工作项目中。'
Larry W.
自 2021开始学习的学生
''如果我的大学不提供我需要的主题课程,Coursera 便是最好的去处之一。'
Chaitanya A.
''学习不仅仅是在工作中做的更好:它远不止于此。Coursera 让我无限制地学习。'
常见问题
To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you purchase a Certificate you get access to all course materials, including graded assignments. Upon completing the course, your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.
更多问题
提供助学金,
¹ 本课程的部分作业采用 AI 评分。对于这些作业,将根据 Coursera 隐私声明使用您的数据。