Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Bugs in software

All software has bugs. There is no such thing as perfect software. Regardless of how pristine the software appears, it’s only a matter of time before a security vulnerability is discovered. Such imperfections can take any of the following forms:


- Code that’s written by in-house or contracted developers.
 

- Software that runs in vendor-provided solutions, such as a security appliance.

- Components that developers download from open source repositories over the internet.

## Find software vulnerabilities

The methods used to find software vulnerabilities can also vary:


- Sometimes it’s by accident, like non-malicious usage or a review of the software.
 

- Other times, it can result from someone intentionally attempting to break the software to see what happens. When intentionally causing an application or server to fail, the attacker can gain information that can be used in a subsequent attack. This is a form of reconnaissance. 

- Software failures can also present an opportunity for the adversary, such as privilege escalation or authentication bypass.



# Bugs in software

All software has bugs. There is no such thing as perfect software. Regardless of how pristine the software appears, it’s only a matter of time before a security vulnerability is discovered. Such imperfections can take any of the following forms:


- Code that’s written by in-house or contracted developers.
 

- Software that runs in vendor-provided solutions, such as a security appliance.

- Components that developers download from open source repositories over the internet.

# Find software vulnerabilities

The methods used to find software vulnerabilities can also vary:


- Sometimes it’s by accident, like non-malicious usage or a review of the software.
 

- Other times, it can result from someone intentionally attempting to break the software to see what happens. When intentionally causing an application or server to fail, the attacker can gain information that can be used in a subsequent attack. This is a form of reconnaissance. 

- Software failures can also present an opportunity for the adversary, such as privilege escalation or authentication bypass.



Learn about software failures, how they’re discovered, and how we can recover from them.


Fail Securely

Learn about software failures, how they’re discovered, and how we can recover from them.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Fail Securely

Bugs in software

Find software vulnerabilities