全部課程
電腦科學

Application Security, IAM, and Zero Trust

甄選並驗證:Aarav Deshmukh, Cybersecurity Engineer, Honeywell
學習時長:約 10 小時
授課語言English · 简体中文 · Español
US$24.00永久存取
結業證書可驗證 · 可分享
預覽

You can ship a feature that works perfectly and is still wide open. The login succeeds, the API returns data, the deploy goes green — and a user can still read another customer's records, a copied-from-a-blog OAuth flow trusts a token it never verified, a service credential with admin rights sits in an environment variable, and "it's behind the VPN" is doing all the security work. None of that shows up in a passing test. This course is for the people who build, run, and review those systems — developers, cloud engineers, security analysts, architects — and it teaches one repeatable move you can make on any application: map the trust boundaries and threats, authenticate every principal properly, authorize each action under least privilege, then verify everything continuously as if the network is already breached. Along the way it settles the things engineers get wrong because the advice changed and nobody told them. Authentication is not authorization. OAuth doesn't log users in — OpenID Connect does, and the ID token is not the access token. A signed JWT is readable, not secret, and "it decoded" is not "it's valid." Forcing 90-day password changes makes things worse; NIST says so now. Zero Trust is an architecture you design, not a product you buy. You'll work from the real canon — the OWASP Top 10 and ASVS, NIST's identity and Zero Trust guidance, the OAuth and OIDC specs, the CISA maturity model — so you can read the source instead of folklore, and keep up as it moves. It's a build-and-defend course, not an exploit catalog: every flaw is taught so you recognize it in your own code and design it out. By the end, a security review stops being something that happens to your code and becomes something you can run yourself.

課程目錄

關於課程作者

Aarav Deshmukh
Aarav Deshmukh
Cybersecurity Engineer, Honeywell

Aarav Deshmukh is the person organizations call when the dashboard turns red—and, increasingly, before it ever does. Across financial services, healthcare, and cloud software, he has progressed from investigating alerts in security operations centers to designing defenses for entire technology environments. Her experience spans threat hunting, penetration testing, digital forensics, malware analysis, identity and access management, cloud architecture, and secure software development, complemented by responsibility for audits, incident exercises, and executive breach briefings. Aarav has rebuilt detection programs, embedded security reviews into engineering pipelines, and converted complex regulatory requirements into controls that technical teams can realistically maintain. He judges a security program not by the number of tools it owns, but by how quickly it can recognize an attack, contain the damage, and continue operating.

評價 (1)

5 / 5
  • sneaky_lion

    love it