All courses
Computer Science

Application Security, IAM, and Zero Trust

Curated and verified byAarav Deshmukh, Cybersecurity Engineer, Honeywell
Study time: 10 hours
LanguagesEnglish · 简体中文 · Español
$24.00Lifetime access
Certificate of completionverifiable · shareable
Preview

You can ship a feature that works perfectly and is still wide open. The login succeeds, the API returns data, the deploy goes green — and a user can still read another customer's records, a copied-from-a-blog OAuth flow trusts a token it never verified, a service credential with admin rights sits in an environment variable, and "it's behind the VPN" is doing all the security work. None of that shows up in a passing test. This course is for the people who build, run, and review those systems — developers, cloud engineers, security analysts, architects — and it teaches one repeatable move you can make on any application: map the trust boundaries and threats, authenticate every principal properly, authorize each action under least privilege, then verify everything continuously as if the network is already breached. Along the way it settles the things engineers get wrong because the advice changed and nobody told them. Authentication is not authorization. OAuth doesn't log users in — OpenID Connect does, and the ID token is not the access token. A signed JWT is readable, not secret, and "it decoded" is not "it's valid." Forcing 90-day password changes makes things worse; NIST says so now. Zero Trust is an architecture you design, not a product you buy. You'll work from the real canon — the OWASP Top 10 and ASVS, NIST's identity and Zero Trust guidance, the OAuth and OIDC specs, the CISA maturity model — so you can read the source instead of folklore, and keep up as it moves. It's a build-and-defend course, not an exploit catalog: every flaw is taught so you recognize it in your own code and design it out. By the end, a security review stops being something that happens to your code and becomes something you can run yourself.

Lessons

About the course creator

Aarav Deshmukh
Aarav Deshmukh
Cybersecurity Engineer, Honeywell

Aarav Deshmukh is the person organizations call when the dashboard turns red—and, increasingly, before it ever does. Across financial services, healthcare, and cloud software, he has progressed from investigating alerts in security operations centers to designing defenses for entire technology environments. Her experience spans threat hunting, penetration testing, digital forensics, malware analysis, identity and access management, cloud architecture, and secure software development, complemented by responsibility for audits, incident exercises, and executive breach briefings. Aarav has rebuilt detection programs, embedded security reviews into engineering pipelines, and converted complex regulatory requirements into controls that technical teams can realistically maintain. He judges a security program not by the number of tools it owns, but by how quickly it can recognize an attack, contain the damage, and continue operating.

Reviews (1)

5 out of 5
  • sneaky_lion

    love it