Course code: FTSCA250200

Fortify SCA and SSC V(ILT) with Exam

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a student, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:

  • Set up applications in Fortify Software Security Center (SSC)
  • Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
  • Identify security vulnerabilities from Fortify scan results and Smart View option
  • Find, filter, categorize, group, and audit security vulnerabilities found in your code
  • Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
  • Manage applications in SSC, utilizing Audit Assistant and bug tracking

Course content

Module 1: Fortify Architecture and Application Security Overview
  • Identify the Fortify architectural structure and workflow
  • Recognize the importance of application security in your Software Development Life Cycle (SDLC)


Module 2: Fortify SSC Setup

  • Recognize the Application version and Administration options
  • Create an application version and update SSC Rulepacks
  • Integrate Audit Workbench scan results with SSC application versions


Module 3: Fortify SCA Analyzers Metrics


  • Describe the automated scanning process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder


Module 4: Fortify Static Scanning

  • Define the features and usage of Fortify’s scanning options
  • Recognize the different IDE plugins that integrate with Fortify SCA Analysis
  • Successfully run Fortify scans in several ways, using:
      o Audit Workbench
      o Scan Wizard
      o Command Line
      o Eclipse
      o Visual Studio


Module 5: Auditing Fortify Scan Results


  • Verify your scan results in Audit Workbench
  • Identify the findings in the Critical folder
  • Utilize Smart View for a visual representation of the dataflow issues in your code
  • Recognize findings categories in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability
  • Filter, audit, and suppress issues to reduce noise
  • Find information, i.e. Details and Recommendations, to fix security issues


Module 6: Data Validation

  • Securely implement data validation
  • Select the right data validation for a particular situation
  • Extend data validation libraries


Module 7: Analysis Trace and Remediating Vulnerabilities


  • Properly read the analysis trace
  • Audit vulnerabilities for:
      o SQL Injection
      o XSS
      o Log Forging
      o Cross-Site Request Forgery (CSRF)


Module 8: Custom Rules

  • Recognize how to use data flow cleanse rules to integrate data validation into Fortify
  • Create a data validation rule


Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report


  • Effectively navigate the Fortify SSC (Software Security Center)
  • Review uploaded scan results and audit issues using SSC capabilities
  • Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan


Module 10: Bug Tracking Integration

  • Utilize the bug tracking tool through SSC and AWB


Module 11: Utilize Audit Assistant in SSC


  • Recognize the value of utilizing Audit Assistant
  • Define the Fortify Scan Analytics tenant Prediction Policies
  • Configure your SSC to utilize Audit Assistant
  • Submit training data, issues, and review the AA results

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:
  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices
  • Experience developing and/or managing software development for security
  • Have an understanding of your organization’s compliance requirements

Course price

41.600,- Kč excl. VAT
50.336,- Kč incl. VAT

Course dates

No course dates are currently scheduled. Write to us to request a date.

Virtual course

Date           Course language   Course length
17 May 2021    English           4 days

Alternative date

Do none of the proposed dates suit you? Write to us to request an alternative date.
