Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Fortify SAST and DAST for Developers

( Duration: 2 Days )

This Fortify SAST and DAST for Developers training course explores how the Fortify product suite Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans for security vulnerabilities. You will learn about the threats to applications, as well as the operation and remediation through the Fortify solution.

By attending Fortify SAST and DAST for Developers workshop, delegates will learn to:

  • Identify application security and the Pernicious Kingdoms
  • Successfully run static (SAST) and dynamic (DAST) scans
  • Analyze the scan results using both Fortify (SAST) and WebInspect (DAST)
  • Manage projects and audit issues using Audit Workbench

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web Application development and security practices

The Fortify SAST and DAST for Developers class is ideal for:

  • Software/Application Developers, Product Managers, Development Managers, Q/A Managers, Q/A Analysts, and Application Security Analysts

COURSE AGENDA

DAY 1 - SAST

1

Application Security overview

  • Review the OWASP Top 10
  • Recognize layers of Securing Data (whitebox and Blackbox testing)
2

Fortify Static Scanning

  • Run several different types of scans using Fortify
  • Practice memory tuning to optimize scanning
3

Scan Results in Audit Workbench (AWB)

  • Identify the findings in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability in the Critical folder
  • Audit and suppress findings
4

Fortify SCA (Static Code Analyzer) Metrics

  • Describe the Scanning Process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder
5

Fortify IDE Plugins

  • Configure and scan using the Fortify IDE plugins Visual Studio and Eclipse
6

Analysis Trace and Remediating Vulnerabilities

  • Properly read the analysis trace
  • Learn how to remediate vulnerabilities including:
    • SQL Injection
    • XSS
    • Log Forging
DAY 2 - DAST

7

WebInspect (WI) Application Exploits

  • Identify characteristics of Web-based application security defects
  • Recognize prevalent software attacks, such as
    • SQL Injection
    • Cross Site Scripting (XSS)
8

Dynamic Scanning with WI

  • Produce scans and create macros
  • Evaluate then remediate your scan results
9

Mobile Scanning with WI

  • Recognize WebInpsect Mobile Templates, Devices and Software
  • Recognize the steps for Native Mobile Scanning
10

Web Services Scanning

  • Describe Web Services (SOAP) scanning capabilities
  • Perform a Web services scan
11

Application and Scan Settings

  • Review the primary application and default scan setting options in WebInspect

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X