This course sets out to introduce some of the most important aspects of secure programming, with a focus on web application development.
The Secure Software Development Life Cycle (SSDLC) is a framework that aims to incorporate security at every phase of the software development process. It ensures that security is built into software from the start rather than added after deployment.
Threat modelling is a way of thinking about what might go wrong and how to prevent it. It involves identifying, quantifying, and addressing the security risks associated with an application.
The OWASP Top 10 is a standard awareness document representing a consensus about the most critical security risks to web applications. The Top 10 project aims to raise awareness about application security by identifying some of the most critical risks facing organisations.
We will discuss high-level security measures such as encryption, two-factor authentication, secure coding practices, and more.
The codebase that we will be using throughout this course is developed using the following technologies:
We will work on a Spring Boot application developed using Java 21. Java 21 brings several new features and improvements, making our application more robust and secure.
The front-end of our application is developed using the Angular framework. Angular's built-in protections against common web-application vulnerabilities help keep our application secure.
Along with Angular, we will also be using plain JavaScript and HTML for certain parts of our application. We will adopt best practices for writing secure JavaScript and HTML code.
This mix of technologies will give us an opportunity to learn and understand secure programming practices in diverse programming environments.