FT120 – Fortify SAST and DAST for Developers

Course code: FT120

Fortify SAST and DAST for Developers is a two day training that explores how the Fortify product suite Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans for security vulnerabilities. As a student you will learn about the threats to applications, as well as the operation and remediation through the Fortify solution. With 70% hands-on activities you will learn how to utilize the Fortify SCA (Static Code Analyzer) and WebInspect.

1 448 EUR

1 752 EUR including VAT

Selection of dates
onas
Do you have a question?
+420 731 175 867 edu@edutrainings.cz

Professional
and certified lecturers

Internationally
recognized certifications

Wide range of technical
and soft skills courses

Great customer
service

Making courses
exactly to measure your needs

Course dates

Starting date: Upon request

Type: In-person/Virtual

Course duration: 2 days

Language: en/cz

Price without VAT: 1 448 EUR

Register

Starting
date
Place
Type Course
duration
Language Price without VAT
Upon request In-person/Virtual 2 days en/cz 1 448 EUR Register
G Guaranteed course

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Contact

Target group

Software/Application Developers, Product Managers, Development Managers, Q/A Managers, Q/A Analysts, and Application Security Analysts

Course structure

Module 1: Application Security overview

  • Review the OWASP Top 10 2017
  • Recognize layers of Securing Data (whitebox and Blackbox testing)

Module 2: Fortify Static Scanning

  • Run several different types of scans using Fortify
  • Practice memory tuning to optimize scanning

Module 3: Scan Results in Audit Workbench (AWB)

  • Identify the findings in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability in the Critical folder
  • Audit and suppress findings

Module 4: Fortify SCA (Static Code Analyzer) Metrics

  • Describe the Scanning Process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder

Module 5: Fortify IDE Plugins

  • Configure and scan using the Fortify IDE plugins Visual Studio and Eclipse

Module 6: Analysis Trace and Remediating Vulnerabilities

  • Properly read the analysis trace
  • Learn how to remediate vulnerabilities

Module 7: WebInspect (WI) Application Exploits

  • Identify characteristics of Web-based application security defects
  • Recognize prevalent software attacks

Module 8: Dynamic Scanning with WI

  • Produce scans and create macros
  • Evaluate then remediate your scan results

Module 9: Mobile Scanning with WI

  • Recognize WebInpsect Mobile Templates, Devices and Software
  • Recognize the steps for Native Mobile Scanning

Module 10: Web Services and API Scanning

  • Describe Web Services (SOAP) scanning capabilities
  • Perform a Web services scan

Module 11: Application and Scan Settings

  • Review the primary application and default scan setting options in WebInspect

 

 

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application Development practices

Do you need advice or a tailor-made course?

onas

product support

ComGate payment gateway MasterCard Logo Visa logo