Security Essentials for Modern Developers

位教师：Hurix Digital

访问权限由 New York State Department of Labor 提供

3个模块

深入了解一个主题并学习基础知识。

高级设置等级

推荐体验

3 小时完成

灵活的计划

自行安排学习进度

3个模块

深入了解一个主题并学习基础知识。

高级设置等级

推荐体验

3 小时完成

灵活的计划

自行安排学习进度

您将获得的技能

Vulnerability Assessments
Continuous Delivery
Security Testing
DevSecOps
Security Engineering
Threat Detection
Continuous Deployment
Secure Coding
Vulnerability Scanning
Continuous Integration
CI/CD
Application Security
Open Web Application Security Project (OWASP)
Threat Modeling
技能部分已折叠。显示 9 项技能，共 14 项。

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

5 任务¹

AI 评分请参见免责声明

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

该课程共有3个模块

Secure Software Delivery: From Code to Deployment is an intermediate-level course designed to help developers and technical leads build and ship secure applications confidently—without slowing down innovation. As software systems scale, so do the risks—and success now depends on embedding security into every phase of the development lifecycle. In this course, you’ll move beyond one-off vulnerability patching and learn how to systematically integrate secure coding practices, threat modeling, and automated security testing into your workflows.

Through engaging videos, real-world case studies, interactive labs, and scenario-based coaching, you’ll gain hands-on experience with tools like SAST, DAST, and GitHub Actions. Whether you're fixing critical flaws, shifting security left in CI/CD, or leading team-wide secure coding habits, this course will help you operationalize security as a continuous, collaborative practice—and deliver software that’s not just functional, but resilient.

In this first lesson, learners discover why spotting and ranking security risks early is essential to build secure, cloud-based applications. Developers and security teams move from reacting to vulnerabilities to anticipating them. Using frameworks such as STRIDE and DREAD, learners practice mapping high-priority threats before any code ships. The Equifax breach In this first lesson, learners discover why spotting and ranking security risks early is essential to build secure, cloud-based applications. Developers and security teams move from reacting to vulnerabilities to anticipating them. Using frameworks such as STRIDE and DREAD, learners practice mapping high-priority threats before any code ships. The Equifax breach illustrates the real-world cost of poor risk prioritization—and the value of getting it right. Videos, hands-on threat-modeling exercises, and guided discussions grow the risk awareness and strategic thinking needed to embed security measures into the development process from the start.exercises, and guided discussions grow the risk awareness and strategic thinking needed to embed security measures into the development process from the start.

涵盖的内容

3个视频3篇阅读材料1个作业

3个视频总计11分钟

Introduction and Welcome 3分钟
Why Threat Modeling Matters—A Shift in Perspective 3分钟
Learning from Equifax—Prioritizing Risks in Practice 5分钟

3篇阅读材料总计15分钟

Welcome to the Course: Course Overview 5分钟
Threat Modeling: STRIDE and DREAD Frameworks 5分钟
Real-World Threat Modeling Success Stories 5分钟

1个作业总计10分钟

HOL: Creating Your First Threat Model 10分钟

In this lesson, learners will explore the OWASP Top-10 vulnerabilities and how to prevent security incidents through proactive secure coding practices and effective analysis tools. The lesson emphasizes why fixing security flaws late in the process is costly and unsustainable, and how systematic prevention—through secure coding and regular testing—offers a better approach. Real-world security incidents, such as the Fortnite XSS vulnerability, are highlighted to illustrate the practical consequences of common coding mistakes. Learners will be introduced to essential tools including Static Application Security Testing (SAST) and dynamic scanning with OWASP ZAP. Through a blend of videos, readings, discussions, and hands-on labs, learners will gain the skills and confidence to systematically build secure, robust applications—transforming their coding approach from reactive fixes to proactive prevention.

涵盖的内容

2个视频2篇阅读材料1个作业

2个视频总计10分钟

Why the OWASP Top-10 Changes How You Code 5分钟
Avoiding the Pitfalls: Real Stories of Vulnerabilities 5分钟

2篇阅读材料总计11分钟

Building Security Into Every Line: A Developer’s Guide to Safer Code 6分钟
Real-World Lessons: Case Studies in Secure Coding 5分钟

1个作业总计10分钟

HOL: Use SAST Scans to Identify and Remediate OWASP Top-10 issues 10分钟

In this lesson, learners examine how embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines transforms release processes into continuous guardians of trust rather than mere delivery engines. Through a scenario illustrating a late-night deployment where a known vulnerable library slipped into production, the lesson highlights why automated security checks must be integrated from the very first pipeline stage. Learners will investigate practical tool implementations—such as Snyk for dependency scanning, OWASP Dependency-Check for open-source vulnerability detection, and GitHub Actions workflows for automation—to ensure issues are caught before code reaches production. Case studies of CI/CD misconfigurations, such as the Capital One cloud breach, demonstrate how small oversights in pipeline or infrastructure-as-code settings can lead to major incidents, reinforcing the need for continuous oversight. Hands-on demonstrations guide learners through setting up security gates that fail builds on critical findings, interpreting scan results, and configuring policy-as-code enforcement, all without impeding development velocity. By the end of the lesson, participants will understand both how to configure and integrate these security tools into real pipelines and why treating security as a separate stage is no longer acceptable—security must be continuous, integrated, and owned by every stakeholder in the delivery workflow.