    Application Security for Developers and DevOps Professionals

    This course is part of multiple programs.

    IBM DevOps and Software Engineering Professional Certificate
    IBM Back-End Development Professional Certificate
    IBM Applied DevOps Engineering Professional Certificate
    Instructor: John Rofrano

    Top Instructor

    21,172 already enrolled

    4 modules
    Gain insight into a topic and learn the fundamentals.
    4.7

    97%

    (220 reviews)

    Intermediate level

    Recommended experience

    Programming experience with Python is required.

    Flexible schedule
    Approx. 17 hours
    Learn at your own pace
    Earn a Certificate
    With paid plans


    What you'll learn

    • Explain security by design, learn to develop applications using security by design principles; perform defensive coding following OWASP principles.

    • Describe IBM cloud container vulnerability; perform vulnerability scanning and pen testing with Kali Linux.

    • Describe what to look for in app performance; perform troubleshooting using logging, stack trace, and log analytics.

    • Discuss concepts like Golden Signals; list tools for monitoring and troubleshooting; and test monitoring in action with Prometheus and Grafana.

    Skills you'll gain

    • DevSecOps
    • Development Environment
    • Threat Modeling
    • Vulnerability Assessments
    • Open Web Application Security Project (OWASP)
    • Secure Coding
    • Application Performance Management
    • Vulnerability Scanning
    • System Monitoring
    • Application Security
    • Continuous Monitoring
    • Software Development Life Cycle
    • Data Security
    • Security Testing

    Details to know

    Shareable certificate

    Add to your LinkedIn profile

    Assessments

    14 assignments

    Taught in English


    Build your subject-matter expertise

    This course is available as part of
    When you enroll in this course, you'll also be asked to select a specific program.
    • Learn new concepts from industry experts
    • Gain a foundational understanding of a subject or tool
    • Develop job-relevant skills with hands-on projects
    • Earn a shareable career certificate from IBM

    There are 4 modules in this course

    How vulnerable are your applications to security risks and threats? This course will help you identify vulnerabilities and monitor the health of your applications and systems. You’ll examine and implement secure code practices to prevent events like data breaches and leaks, and discover how practices like monitoring and observability can keep systems safe and secure.

    You will gain extensive knowledge on various practices, concepts, and processes for maintaining a secure environment, including DevSecOps practices that automate security integration across the software development lifecycle (SDLC), Static Application Security Testing (SAST) for identifying security flaws, Dynamic Analysis, and Dynamic Testing. You’ll also learn about creating a Secure Development Environment, both on-premise and in the cloud. You’ll explore the Open Web Application Security Project (OWASP) top application security risks, including broken access controls and SQL injections. Additionally, you will learn how monitoring, observability, and evaluation ensure secure applications and systems. You’ll discover the essential components of a monitoring system and how application performance monitoring (APM) tools aid in measuring app performance and efficiency. You’ll analyze the Golden Signals of monitoring, explore visualization and logging tools, and learn about the different metrics and alerting systems that help you understand your applications and systems. Through videos, hands-on labs, peer discussion, and the practice and graded assessments in this course, you will develop and demonstrate your skills and knowledge for creating and maintaining a secure development environment.

    In this module, you will identify how security fits into your workflow and gain a working knowledge of security concepts and terminology. You’ll discover how to design for security in the Software Development Lifecycle (SDLC) and find out about a set of practices known as DevSecOps. You will also discover the OSI model, identify the necessary OSI layers for developers, and implement security measures on the four layers of application development. You will gain insights into security patterns and learn how to organize them. You will describe TLS (Transport Layer Security) and SSL (Secure Sockets Layer), identify how to keep TLS secure in the SDLC, and explore OpenSSL and its purpose. You will learn the strategies, best practices, and methodologies for getting security early into your code to protect applications against threats and vulnerabilities. Further, you’ll find out how you can use tools like vulnerability scanners and threat models to mitigate security vulnerabilities. You’ll also get the opportunity to add key terms like authentication, encryption, and integrity to your security vocabulary. Finally, you will also perform hands-on labs to encrypt and decrypt files using OpenSSL and scan a network environment with Nmap.

    What's included

    11 videos • 4 readings • 4 assignments • 2 app items • 2 plugins

    11 videos • Total 59 minutes
    • Course Introduction • 4 minutes
    • Security by Design • 5 minutes
    • What is DevSecOps? • 5 minutes
    • The OSI Model • 6 minutes
    • Securing Layers for Application Development • 6 minutes
    • Security Patterns • 7 minutes
    • TLS/SSL • 5 minutes
    • What is OpenSSL? • 4 minutes
    • Vulnerability Scanning and Threat Modeling • 4 minutes
    • Threat Monitoring • 3 minutes
    • Security Concepts and Terminology • 4 minutes
    4 readings • Total 27 minutes
    • Summary & Highlights - Introduction to DevSecOps • 2 minutes
    • Summary and Highlights - Understanding the Role of Network Security • 3 minutes
    • Getting Started with Network and Port Scanning with Nmap • 20 minutes
    • Summary and Highlights - Inspecting Security in Application Development • 2 minutes
    4 assignments • Total 60 minutes
    • Introduction to DevSecOps • 10 minutes
    • Understanding the Role of Network Security • 10 minutes
    • Inspecting Security in Application Development • 10 minutes
    • Graded Quiz: Introduction to Security for Application Development • 30 minutes
    2 app items • Total 35 minutes
    • Hands on Lab: Using OpenSSL to Encrypt and Decrypt Files • 15 minutes
    • Hands on Lab: Scanning a Network Environment with Nmap • 20 minutes
    2 plugins • Total 20 minutes
    • Cheat Sheet: Introduction to Security for Application Development • 5 minutes
    • Module 1 Glossary: Introduction to Security for Application Development • 15 minutes

    In this module, you will learn the key mitigation strategies to secure your application throughout development and production. You will also discover a range of security testing methods like static analysis, dynamic analysis, vulnerability analysis, software component analysis, and continuous security analysis. You will explore ways to perform code review and ensure runtime protection for application development. You will also perform hands-on labs based on static analysis, dynamic analysis, vulnerability scanning, and vulnerability detection.

    What's included

    9 videos • 2 readings • 3 assignments • 4 app items • 3 plugins

    9 videos • Total 39 minutes
    • Introduction to Security Testing and Mitigation Strategies • 4 minutes
    • Static Analysis • 3 minutes
    • Dynamic Analysis • 3 minutes
    • Code Review • 3 minutes
    • Vulnerability Analysis • 4 minutes
    • Demo Video: Evaluating Vulnerability Analysis • 5 minutes
    • Runtime Protection • 4 minutes
    • Software Component Analysis • 5 minutes
    • Continuous Security Analysis • 3 minutes
    2 readings • Total 4 minutes
    • Summary & Highlights - Introduction to Security Testing and Mitigation Strategies • 2 minutes
    • Summary & Highlights - Implementing Key Analysis in Applications • 2 minutes
    3 assignments • Total 50 minutes
    • Introduction to Security Testing and Mitigation Strategies • 10 minutes
    • Implementing Key Analysis in Applications • 10 minutes
    • Graded Quiz: Security Testing and Mitigation Strategies • 30 minutes
    4 app items • Total 105 minutes
    • Hands-on Lab: Using Static Analysis • 30 minutes
    • Hands-on Lab: Using Dynamic Analysis • 30 minutes
    • Hands-on Lab: Evaluating Vulnerability Analysis • 20 minutes
    • Hands-on Lab: Evaluate Software Component Analysis • 25 minutes
    3 plugins • Total 35 minutes
    • Reading: Evaluate Software component analysis • 10 minutes
    • Cheat Sheet: Security Testing and Mitigation Strategies • 10 minutes
    • Module 2 Glossary: Security Testing and Mitigation Strategies • 15 minutes

    In this module, you will learn about the Open Web Application Security Project (OWASP) and its Top 10 security concerns. You’ll learn about application vulnerabilities and discover the top vulnerabilities concerning security experts and professionals. You will explore SQL injection, cross-site scripting, and storing secrets securely. You will also investigate software and data integrity failures, discover how to detect these types of vulnerabilities, and examine ways to mitigate their impact. You will also perform hands-on labs to analyze your code repository using Snyk and use the Vault Python API (hvac) to read, write, and delete key-value secrets in Vault.

    What's included

    10 videos • 3 readings • 3 assignments • 3 app items • 4 plugins

    10 videos • Total 66 minutes
    • Intro to OWASP (Top 10) Sec Vulnerabilities • 4 minutes
    • OWASP Top 1-3 • 7 minutes
    • OWASP Top 4-6 • 7 minutes
    • OWASP Top 7-10 • 9 minutes
    • Demo Video: Snyk (SAST) Free Tool • 4 minutes
    • SQL Injections • 4 minutes
    • Other Types of SQL Injection Attacks • 8 minutes
    • Demo Video: Example of an SQL Injection • 7 minutes
    • Cross Site Scripting • 4 minutes
    • Storing Secrets Securely • 7 minutes
    3 readings • Total 24 minutes
    • Discover Code Vulnerabilities with Snyk (SAST) Free Tool • 20 minutes
    • Summary & Highlights - Introducing OWASP Top 10 • 2 minutes
    • Summary & Highlights - Diving Deeper into OWASP • 2 minutes
    3 assignments • Total 48 minutes
    • Practice Quiz: Introducing OWASP Top 10 • 8 minutes
    • Diving Deeper into OWASP • 10 minutes
    • Graded Quiz: OWASP Application Security Risks • 30 minutes
    3 app items • Total 80 minutes
    • Hands-on Lab: Understanding SQL Injections • 20 minutes
    • Hands-on Lab: Cross Site Scripting • 25 minutes
    • Hands-on Lab: Storing Secrets Securely • 35 minutes
    4 plugins • Total 65 minutes
    • Hands on Lab: Discover Code Vulnerabilities with Snyk (SAST) Free Tool • 30 minutes
    • Reading: Cross Site Scripting • 10 minutes
    • Cheat Sheet: OWASP Application Security Risks • 10 minutes
    • Module 3 Glossary: OWASP Application Security Risks • 15 minutes

    In this module, you will learn about coding best practices and software dependencies. You’ll also explore how to secure a development environment by deciding what to store in a centralized repository and what not to store in GitHub. You will also perform hands-on labs to create HTTP security headers using flask-talisman and safely store and retrieve secrets using the pass CLI (command-line-interface). As your final project, you will check your code on GitHub for vulnerabilities in order of severity and fix the vulnerabilities. You’ll apply the best practices for reducing the risk of vulnerability.

    What's included

    3 videos • 3 readings • 4 assignments • 2 app items • 6 plugins

    3 videos • Total 20 minutes
    • Code Practices • 5 minutes
    • Dependencies • 6 minutes
    • Secure Development Environment • 8 minutes
    3 readings • Total 8 minutes
    • Summary & Highlights - Code Development Practices • 2 minutes
    • Congratulations and Next Steps • 3 minutes
    • Thanks from the Course Team • 3 minutes
    4 assignments • Total 130 minutes
    • Code Development Practices • 10 minutes
    • Graded Quiz: Security Best Practices • 30 minutes
    • Graded Quiz: Final Project • 30 minutes
    • Final Assessment • 60 minutes
    2 app items • Total 40 minutes
    • Hands-on Lab: Code Practices • 20 minutes
    • Hands-on Lab: Secure Development Environment • 20 minutes
    6 plugins • Total 123 minutes
    • Reading: CodeQL Analysis • 6 minutes
    • Cheat Sheet: Security Best Practices • 15 minutes
    • Module 4 Glossary: Security Best Practices • 15 minutes
    • Practice Lab: Security Vulnerability Scan and Fix • 30 minutes
    • Final Lab: Scan and Fix Vulnerabilities • 30 minutes
    • Glossary: Application Security for Developers and DevOps Professionals • 27 minutes

    Instructor

    Instructor ratings

    We asked all learners to give feedback on our instructors based on the quality of their teaching style.

    4.7 (50 ratings)

    John Rofrano
    Top Instructor
    IBM
    7 Courses • 267,042 learners

    Offered by

    IBM

    At IBM, we know how rapidly tech evolves and recognize the crucial need for businesses and professionals to build job-ready, hands-on skills quickly. As a market-leading tech innovator, we’re committed to helping you thrive in this dynamic landscape. Through IBM Skills Network, our expertly designed training programs in AI, software development, cybersecurity, data science, business management, and more, provide the essential skills you need to secure your first job, advance your career, or drive business success. Whether you’re upskilling yourself or your team, our courses, Specializations, and Professional Certificates build the technical expertise that ensures you, and your organization, excel in a competitive world.


    Learner reviews

    4.7

    220 reviews

    • 5 stars: 78.73%
    • 4 stars: 15.83%
    • 3 stars: 2.26%
    • 2 stars: 0.45%
    • 1 star: 2.71%

    Showing 3 of 220

    EJ
    5

    Reviewed on May 31, 2024

    This one did a much better job explaining more of the little details for people who are truly noobs coming from a non-programming world.

    MG
    5

    Reviewed on Mar 14, 2024

    I directly applied the concepts and skills I learned from my courses to an exciting new project at work

    DH
    5

    Reviewed on Oct 8, 2022

    Application security and monitoring is a huge topic. It's very helpful that some valuable contents are selected and consolidated into this course.


    Frequently asked questions

    No. This is an introductory course that assumes no prior knowledge of DevOps.

    You will need to sign up for a no-charge GitHub account and use other no-charge tools from IBM in your browser.

    Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:

    • The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.

    • The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

    When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

    If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.
