Fortify SCA and SSC V(ILT) with Exam

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a students, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:

• Setup applications in Fortify Software Security Center (SSC)
• Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
• Identify security vulnerabilities from Fortify scan results and Smart View option
• Find, filter, categorize, group, and audit security vulnerabilities found in your code
• Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
• Manage applications in SSC, utilizing Audit Assistant and bug tracking

Obsah školení

Module 1: Fortify Architecture and Application Security Overview
 Identify the Fortify architectural structure and workflow
 Recognize the importance of application security in your Software Development Life Cycle (SDLC)

Module 2: Fortify SSC Setup

 Recognize the Application version and Administration options
 Create an application version and update SSC Rulepacks
 Integrate Audit Workbench scan results with SSC application versions

Module 3: Fortify SCA Analyzers Metrics

 Describe the automated scanning process
 Explain the function of each Analyzer Certified Professional+ EXAM Fortify SCA-SSC Certification Training
 Recognize how the findings are placed within each risk folder

Module 4: Fortify Static Scanning

 Define the features and usage of Fortify’s scanning options
 Recognize the different IDE plugins that integrate with
Fortify SCA Analysis
 Successfully run Fortify scans in several ways, using:
o Audit Workbench
o Scan Wizard
o Command Line
o Eclipse
o Visual Studio

Module 5: Auditing Fortify Scan Results

 Verify your scan results in Audit Workbench
 Identify the findings in the Critical folder
 Utilize Smart View for a visual representation of the dataflow issues in your code
 Recognize findings categories in the Critical folder
 Apply the appropriate validation method to remediate a given vulnerability
 Filter, Audit, and suppress issues to reduce noise
 Find information, i.e. Details and Recommendations, to fix security issues

Module 6: Data Validation

 Securely implement data validation
 Select the right data validation for a particular situation
 Extend data validation libraries

Module 7: Analysis Trace and Remediating Vulnerabilities

 Properly read the analysis trace
 Audit vulnerabilities for:
o SQL Injection
o XSS
o Log Forging
o Cross-Site Request Forgery (CSRF)

Module 8: Custom Rules

 Recognize how to use data flow cleanse rules to integrate data validation into Fortify
 Create a data validation rule

Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report

 Effectively navigate the Fortify SSC (Software Security Center)
 Review scan results upload and audit issues using SSC capabilities
 Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan

Module 10: Bug Tracking Integration

 Utilize Bug tracking tool through the SSC and AWB

Module 11: Utilize Audit Assistant in SSC

 Recognize the value for utilizing Audit Assistant
 Define the Fortify Scan Analytics tenant Prediction Policies
 Configure your SSC to utilize Audit Assistant
 Submit training data, issues, and review the AA results