Application Security Testing and Debugging

Application Security Testing and Debugging

位教师：Sonali Sen Baidya

访问权限由 Coursera Learning Team 提供

6个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

1 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

6个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

1 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

您将学到什么

Implement automated (SAST/DAST) and manual testing techniques to identify web application vulnerabilities and improve security posture.
Apply advanced debugging techniques and security-focused analysis to diagnose, isolate, and resolve critical vulnerabilities in application code.
Execute penetration testing engagements to simulate real-world attack scenarios and validate application security controls.
Produce security reports with technical findings, business impact, and actionable remediation strategies for diverse stakeholders.

您将获得的技能

您将学习的工具

Open Web Application Security Project (OWASP)

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

4 任务¹

AI 评分请参见免责声明

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

该课程共有6个模块

In today's digital landscape, application security is not optional—it's essential. With cyber threats evolving rapidly and data breaches making headlines daily, organizations desperately need skilled professionals who can identify, analyze, and resolve security vulnerabilities before malicious actors exploit them.

This comprehensive course transforms you from a security novice into a confident application security testing professional. You'll master both automated and manual testing techniques, learn to think like an attacker, and develop systematic debugging skills that separate expert security practitioners from the rest. This course is designed for software developers looking to expand their skillset in security testing, QA professionals transitioning into security roles, IT professionals with basic coding experience, and cybersecurity students or early-career professionals eager to dive deeper into application security. If you're ready to strengthen your understanding of web application vulnerabilities and security testing methodologies, this course will provide the knowledge and hands-on experience needed to excel in the field. To get the most out of this course, you'll need basic programming knowledge in any language and a solid understanding of web technologies like HTTP, HTML, and databases. Familiarity with the software development lifecycle and CI/CD processes is preferred, though not required. Basic command-line usage is also essential, as many tools and exercises in this course will involve navigating through terminal interfaces. By the end of this course, you will be able to implement both automated (SAST/DAST) and manual testing techniques to identify and mitigate web application vulnerabilities. You'll also gain advanced debugging skills to diagnose, isolate, and resolve security flaws in application code. Additionally, you'll conduct penetration testing to simulate real-world attack scenarios and produce comprehensive security reports that effectively communicate technical findings and remediation strategies to various stakeholders.

In this course, you’ll master application security testing with both automated and manual techniques. You’ll learn to identify and resolve vulnerabilities, simulate attacks, and develop advanced debugging strategies. Through hands-on exercises and real-world simulations, you’ll gain the skills to integrate security testing into development workflows and produce professional security reports. By the end, you'll be ready to take on roles like Application Security Engineer or Penetration Tester, equipped to tackle complex security challenges and drive security improvements.

涵盖的内容

1个视频1篇阅读材料

This module introduces the fundamental principles of application security and static application security testing (SAST). You will learn about the key vulnerabilities identified in the OWASP Top 10 and gain hands-on experience using tools like SpotBugs and OWASP security testing tools. The module focuses on integrating security testing early in the software development lifecycle (SDLC) and emphasizes the importance of both automated and manual security testing methods. By the end of the module, you will have practical knowledge in configuring, running, and interpreting results from SAST tools and manual reviews, with a focus on prioritizing vulnerabilities based on CVSS scoring systems.

涵盖的内容

10个视频2篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计109分钟

Module Introduction 3分钟
Intro to Application Security 6分钟
Security Testing in the SDLC 10分钟
OWASP Top 10 Deep Dive 7分钟
SAST Fundamentals and Tool Selection 11分钟
Hands-on SAST with SpotBugs 19分钟
SAST Results Analysis & CVSS Scoring 16分钟
Manual Security Code Review Process 9分钟
OWASP Code Review Tools Workshop 18分钟
Security Audit Standards & Compliance 10分钟

2篇阅读材料总计10分钟

NIST Secure Code Review Practices 5分钟
Secure Coding Practices Checklist 5分钟

1个作业总计20分钟

Foundations of Security Testing & SAST20分钟

1次同伴评审总计15分钟

Hands-On-Learning: Practical Vulnerability Analysis Using SAST 15分钟

1个讨论话题总计10分钟

Integrating Security Testing in Your Development Workflow10分钟

In this module, you will learn the critical role of security-focused debugging in identifying vulnerabilities that traditional methods often miss. Using runtime analysis, you'll uncover flaws like authentication bypasses, race conditions, and memory corruption. Through hands-on sessions with tools like OWASP ZAP, Burp Suite, and CodeQL, you'll master debugging techniques and integrate them into DevSecOps pipelines for automated security monitoring. By the end, you'll be able to detect runtime vulnerabilities missed by static testing and implement continuous security monitoring in development workflows..

涵盖的内容

10个视频2篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计103分钟

Module Introduction 4分钟
Systematic Debugging for Security 11分钟
White-Box Debugging Techniques 10分钟
Runtime Security Analysis 11分钟
Authentication Flow Debugging 13分钟
Interactive Debugging in Web Applications 15分钟
Advanced Exploit Analysis 7分钟
DevSecOps Pipeline Integration 14分钟
CodeQL and Advanced Static Analysis 11分钟
Security Test Automation Architecture 7分钟

2篇阅读材料总计10分钟

DevSecOps Best Practices 5分钟
OWASP Testing Guide: Error Handling 5分钟

1个作业总计20分钟

Security-Focused Debugging Techniques 20分钟

1次同伴评审总计15分钟

Hands-On-Learning: Vulnerability Discovery with a Proxy Tool 15分钟

1个讨论话题总计10分钟

From Traditional Debugging to Security-Focused Analysis 10分钟

In this module, you'll learn dynamic application security testing (DAST) and penetration testing techniques to validate real-world security controls. By simulating attack scenarios, you'll uncover vulnerabilities like session flaws and business logic errors that static analysis can't detect. You’ll gain hands-on experience with tools like OWASP ZAP, Burp Suite, and WebGoat, applying both automated and manual testing methods. By the end, you'll be able to execute realistic penetration tests and enhance your security testing skills.

涵盖的内容

10个视频2篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计97分钟

Module Introduction 4分钟
DAST Methodology and Black-box Testing 7分钟
ZAP Professional Workshop 15分钟
Hybrid Testing: Automated and Manual Techniques 8分钟
Penetration Testing Methodology 8分钟
Burp Suite Professional Techniques 16分钟
WebGoat Exploitation Laboratory 18分钟
Authentication & Session Security Testing 8分钟
Business Logic & Race Condition Testing 6分钟
Injection Attack Mastery 8分钟

2篇阅读材料总计10分钟

Advanced Penetration Testing Techniques 5分钟
OWASP ZAP Getting Started 5分钟

1个作业总计20分钟

Dynamic Testing & Penetration Testing 20分钟

1次同伴评审总计15分钟

Hands-On-Learning: Penetration Testing: Exploiting a Web Injection 15分钟

1个讨论话题总计10分钟

Ethical Hacking and Authentication Security Testing 10分钟

In this module, you will learn to translate technical security findings into actionable business outcomes. You’ll focus on creating clear security reports, communicating with various stakeholders, and using frameworks like CVSS to prioritize vulnerabilities. Through hands-on exercises, you’ll develop remediation strategies, analyze real-world case studies, and document security testing workflows. By the end, you’ll be able to produce professional reports that drive security improvements and align with business goals.

涵盖的内容

10个视频2篇阅读材料1个作业1次同伴评审1个讨论话题

10个视频总计95分钟

Module Introduction 4分钟
Executive Security Reporting 7分钟
CVSS Scoring and Risk Quantification 9分钟
Remediation Strategy Development 7分钟
Complete Vulnerability Assessment 9分钟
Enterprise Penetration Testing Case Study 14分钟
DevSecOps Transformation Case Study 13分钟
ISTQB Security Testing Standards 9分钟
Career Development in Security Testing 11分钟
Building Security Culture 12分钟

2篇阅读材料总计10分钟

Security Testing Career Guide 5分钟
FIRST CVSS v3.1 User Guide 5分钟

1个作业总计20分钟

Professional Reporting & Real-World Applications 20分钟

1次同伴评审总计15分钟

Hands-On-Learning: Security Reporting: From Findings to Strategy 15分钟

1个讨论话题总计10分钟

Building Professional Security Testing Expertise and Career Value 10分钟

In this wrap-up module, you will consolidate your learning by designing a strategic cybersecurity framework that integrates vision, communication, training, and cultural reporting. Through a final case-study project, you'll apply your knowledge to address a critical security challenge and demonstrate your ability to lead cybersecurity initiatives with clarity and measurable impact. This module ties together the key concepts and prepares you to take the next steps in your professional journey.