Starweaver
Advanced Practices in Application Security
Instructor: Derek Fisher

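Included with Coursera Plus

Gain insight into a topic and learn the fundamentals.
Intermediate level

Recommended experience

8 hours to complete
Flexible schedule
Learn at your own pace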

What you’ll learn

  • Apply secure coding practices and OWASP Top 10 prevention techniques to eliminate vulnerabilities during development phases.

  • Analyze application architectures to identify critical security threats and design comprehensive threat models for risk mitigation.

  • Evaluate software supply chains and implement security controls for open-source components, dependencies, and vendor relationships.

  • Design secure cloud-native and container architectures with automated monitoring and compliance validation capabilities.

Details to know

Shareable certificate

Add to your LinkedIn profile

Recently updated!

October 2025

Taught in English

There are 6 modules in this course

In this course, you’ll learn how to implement advanced application security practices by embedding security throughout the software development lifecycle (SDLC). You’ll focus on real-world techniques such as secure coding, vulnerability assessment, and DevSecOps integration to anticipate and prevent cyber threats. Through expert instruction, case studies, and hands-on exercises, you’ll gain the skills to apply security controls, integrate automated security testing into pipelines, and align practices with industry standards. By the end of this course, you’ll be equipped to strengthen organizational resilience, reduce risk exposure, and lead proactive application security initiatives that protect software across cloud, mobile, IoT, and enterprise environments.

What’s included

1 video, 1 reading, 1 plugin

In this module, you’ll learn how to embed security directly into your applications and development processes. You’ll explore Secure by Design principles, secure coding techniques, and secure configuration practices to prevent critical vulnerabilities. Through practical demonstrations, static and dynamic application security testing, and runtime protection strategies, you’ll develop the skills to identify, mitigate, and manage vulnerabilities throughout the software development lifecycle. This module emphasizes proactive security practices aligned with industry standards such as OWASP Top 10 and SANS Top 25 to ensure robust, production-ready applications.

What’s included

10 videos, 1 reading, 1 assignment, 1 peer review, 2 discussion prompts

In this module, you’ll learn how to systematically identify and analyze security threats before they become costly vulnerabilities. You’ll explore industry-standard methodologies, including STRIDE, and gain hands-on experience with threat modeling tools like OWASP Threat Dragon, attack trees, and Rapid Threat Modeling Prototyping (RTMP). By applying these techniques to real-world scenarios, you’ll develop the skills to anticipate attack vectors, prioritize risks using OWASP and CVSS frameworks, and translate findings into actionable security controls that strengthen application defenses from design through deployment.

What’s included

10 videos, 1 reading, 1 assignment, 1 peer review, 1 discussion prompt

In this module, you’ll learn how to secure the software supply chain and CI/CD pipelines critical to modern development. You’ll explore techniques for evaluating and securing open-source components, third-party dependencies, and vendor relationships while integrating automated security testing throughout development pipelines. Hands-on exercises with Software Bill of Materials (SBOM) creation, dependency management, and monitoring tools equip you to prevent supply chain attacks, ensure compliance with industry standards, and maintain secure DevOps workflows without slowing delivery.

What’s included

10 videos, 1 reading, 1 assignment, 1 peer review, 2 discussion prompts

In this module, you’ll learn how to secure cloud-native applications, containers, and serverless environments while implementing continuous monitoring and governance. You’ll explore cloud security architectures using CSA Cloud Controls Matrix standards, container and runtime security practices, and Infrastructure-as-Code (IaC) automation for secure deployments. Hands-on exercises with monitoring tools, Kubernetes RBAC, and secrets management help you protect dynamic cloud workloads, detect threats in real time, and maintain compliance across hybrid and multi-cloud environments.

What’s included

10 videos, 1 reading, 1 assignment, 1 peer review, 2 discussion prompts

In this final module, you will synthesize your learning across secure coding, threat modeling, supply chain protection, and cloud-native security practices. You’ll bring these core concepts together in a hands-on capstone project where you will perform a complete threat modeling exercise using OWASP Threat Dragon. This project demonstrates your ability to identify risks, design effective mitigations, and integrate security into the software development lifecycle. By the end, you will be prepared to showcase your expertise in applying industry-standard frameworks and tools to build secure, resilient applications that align with both technical requirements and organizational goals.

What’s included

1 video, 1 peer review

Instructor

Derek Fisher
Starweaver
1 course, 6 learners

Offered by

Starweaver
446 courses, 822,165 learners


¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera’s Privacy Notice.