Learn to secure apps from the ground up using the OWASP Top 10, input validation, and secure coding techniques. Use tools like Burp Suite and ZAP to find flaws and integrate AppSec into CI/CD pipelines. Ideal for developers embracing DevSecOps.
Duration: 10
Lecture: 40
Category: Cybersecurity & Ethical Hacking
Language: English & Japanese
$ 1,500.00
Application Security (AppSec) & Secure Coding Practices is a specialized course focused on building software that is resilient to attacks. It begins by addressing the evolving threat landscape in modern software development, with a strong emphasis on the importance of integrating security throughout the software development lifecycle (SDLC). Learners are introduced to secure coding principles for various programming languages including Java, Python, JavaScript, and C#.

The course covers common application vulnerabilities identified in the OWASP Top 10 such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Deserialization, and Broken Authentication. Each vulnerability is dissected to explain how it occurs, how it can be exploited, and how to prevent it using secure coding patterns, input validation, output encoding, and proper authentication mechanisms. Learners also explore secure API development, encryption techniques, session management, and secure DevOps (DevSecOps) practices.

Hands-on labs using platforms like OWASP Juice Shop, DVWA, and WebGoat allow learners to exploit and fix security issues in simulated environments. Code review strategies, automated static and dynamic analysis, and secure CI/CD pipelines are also emphasized. By the end, learners will be prepared to build and maintain secure applications, identify risks in code, and implement best practices for software assurance.