Assessing Application Security
*(ISC)² Members/Associates can access this course for free by logging in above and clicking the 'My Courses' menu item.
In today’s app-enabled world, it is more important than ever for security practitioners to work with their organization to ensure their digital assets are adequately protected against attacks. In most cases, the internet-facing application is the primary target for attackers. Applications, when not properly hardened and secured, create the entryway for criminals to gain access to sensitive data or even allow for the complete compromise of the underlying system. Whether the application is bought, built or acquired, it is important to consider its vulnerabilities and the types of attacks that might be used to exploit them. This course will explore the foundations of how to assess an application’s security.
This course includes the following five (5) lab exercises: 1) Requirements Generation 2) Attack Surface Analysis 3) Abuse Cases 4) Threat Modeling and 5) Vulnerability Analysis.
Audience or Who Should Take This Course
Experienced cyber, information, software and infrastructure security professionals who want to better understand the vulnerabilities and the types of attacks that might be used to exploit applications that are bought, built or acquired.
The intended audience for this course is entry-level security practitioners or anyone hoping to learn more about application security, specifically vulnerabilities and the types of attacks that might be used to exploit applications that are bought, built or acquired. This includes application developers or project managers/owners who want to learn more about security requirements. No prerequisite knowledge is required, although an understanding of security software and infrastructure concepts is recommended.
How This Course Works
This course is a four-hour PDI Lab that introduces the learner to different phases of a secure development lifecycle, security requirements, and threat models. It is a hands-on, self-paced course delivered in a VM environment using a US keyboard configuration. Throughout this course, learners experience the following activities:
- Review of foundational information needed to succeed in the lab
- Video walkthrough for additional support (optional)
- Five lab exercises including:
  - Requirements Generation
  - Attack Surface Analysis
  - Abuse Cases
  - Threat Modeling
  - Vulnerability Analysis
- Additional resources
- Knowledge Checks, Summary Checks, and Final Assessment
- Course Evaluation
Note: Once you begin the lab, you will have 7 days to complete all activities. After 7 days, all progress will be reset.
CPE credits for (ISC)² credentials must be self-reported by members and associates through the (ISC)² CPE Portal accessible via www.isc2.org using your member login credentials.
CPE credits earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.
For specific questions related to your CPE credits or the CPE portal, please contact member support - firstname.lastname@example.org