How to do application security right Learning Path

Learn about hacking your own system to discover vulnerabilities.

8 hours, 20 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    8 hours, 20 minutes

  • Assessment


About How to do application security right

Whether you are a technology leader, software developer or security professional, you may be struggling with some (or all) of the same ten problems that anyone trying to secure software systems struggles with. However, the conventional solutions to those common problems tend to be completely backwards. This path identifies the common misconceptions about application security and replaces those misconceptions with what to do instead. The stories, strategies and tactics you'll learn in this course are all based on decades of ethical hacking and security research. And you'll learn the ultimate payoff: how to convert your security investment into a competitive advantage that helps you earn more sales, faster.



Information Security Management Processes skill assessment

Assessment - 96 questions

Why take this course?

Course - 00:14:00

If you're a technology leader, software developer or security professional looking to level up your understanding and skills as they relate to securing software systems, you will want to learn whether this course will help you. You’ll also determine whether the instructor seems credible to you and has the authority to teach you what you need to learn.

Start with the right mindset and the right partner

Course - 01:00:00

Success in security begins with how you think and how well you combine in-house teams with external experts. In this course, you learn what each means, common misconceptions and practical limitations. As a result, you'll understand how to get this crucial element right. The right mindset examines why (and how) to think like a hacker, as well as why (and how) to seek excellence. The right partners examines what makes a good partner, how to vet them and the benefits they bring relative to your in-house teams.

Choose the right assessment methodology

Course - 00:29:00

Information is power. But when it comes to security, information tends to be intentionally withheld. This course teaches you why that's a problem, and what to do about it. You'll learn the difference between white-box and black-box methodologies and figure out which is best for you.

Get the right security testing

Course - 01:00:00

If a system has something worth protecting, companies usually invest in security testing to determine if the system has weaknesses. But what are you actually getting? This course examines the widespread confusion about security assessment terms, so you can differentiate what is what and get the right outcomes.

Hack your system

Course - 00:36:00

The fundamentals of security testing include analyzing the design, running automated scanners and looking for known vulnerabilities. However, many security testing approaches don’t even do all of this. Furthermore, the most important vulnerabilities aren’t discovered until the advanced tactics are used: abusing functionality, chaining exploits and seeking the unknown unknowns. You’ll learn what all of these entail and how to think differently about your approach to security testing.

Fix your vulnerabilities

Course - 00:31:00

One of the most common problems that hold security programs back is feeling overwhelmed with remediating the many vulnerabilities that are discovered as a result of security testing. In this course, you’ll learn how to break that problem down into a process that makes it easy to deal with.

Hack it again

Course - 00:32:00

Most security programs revisit security too infrequently, which has a dramatic impact on both outcomes and cost. You’ll learn why to revisit security, how often to do it (in most cases) and how to quantify the ways you’ll save money by doing it the right way.

Spend wisely

Course - 00:46:00

No one has an unlimited budget, and it can be difficult to determine how much time, effort and money to spend on security. This course examines the relationship between risk and cost and then helps determine the right balance of spending versus outcomes, providing a framework to think about your security budget.

Establish your threat model

Course - 00:43:00

A threat model is the foundation of any security plan, yet most organizations struggle to establish one, let alone implement it. This course teaches you the three main components of threat modeling, how to establish a threat model and how to implement it. You want to evaluate what to protect, whom to defend against and where you’ll be attacked.

Build security in

Course - 00:30:00

Security is often seen as a development effort that can be deferred to later, yet doing so dramatically increases the cost. This course examines why to "build it in" rather than "bolt it on," investigating the financial implications along the way. You'll learn why it's both more effective and less expensive to build security in.

Use security to win sales

Course - 01:28:00

The ultimate payoff to security done right is that not only do you get a better, more secure system; you also get a sales and marketing benefit. In this course, you’ll learn how to leverage your security partner, your assessment report, your marketing website, your development roadmap and even security questionnaires to improve your position and win sales.

Meet the author

Ted Harrington

Ted Harrington is the #1 bestselling author of "Hackable", which led to his TED talk “Why You Need To Think Like a Hacker.” He’s the Executive Partner at ISE, the company of ethical hackers famous for hacking cars, medical devices, and web apps; he also co-founded START, software which simplifies vendor risk management. His clients include Google, Amazon, and Netflix, and he has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. His team founded IoT Village, an event series whose hacking contest is a four-time DEF CON Black Badge winner, and he hosts the Tech Done Different podcast.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with Affirm.