Fortify-SAST-22.1-Fortify SCA and SSC

Kód kurzu: FTSCA250

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a students, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC).

This course includes hands-on activities to:

  • Setup applications in Fortify Software Security Center (SSC)
  • Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
  • Identify security vulnerabilities from Fortify scan results and Smart View option
  • Find, filter, categorize, group, and audit security vulnerabilities found in your code
  • Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
  • Manage applications in SSC, utilizing Audit Assistant and bug tracking
69 300 Kč

83 853 Kč s DPH

Nejbližší termín od 20.01.2025

Výběr termínů

Odborní
certifikovaní lektoři

Mezinárodně
uznávané certifikace

Široká nabídka technických
a soft skills kurzů

Skvělý zákaznický
servis

Přizpůsobení kurzů
přesně na míru

Termíny kurzu

Počáteční datum: 20.01.2025

Forma: Virtuální

Délka kurzu: 4 dny

Jazyk: en

Cena bez DPH: 69 300 Kč

Registrovat

Počáteční datum: 07.04.2025

Forma: Virtuální

Délka kurzu: 4 dny

Jazyk: en

Cena bez DPH: 69 300 Kč

Registrovat

Počáteční datum: 15.09.2025

Forma: Virtuální

Délka kurzu: 4 dny

Jazyk: en

Cena bez DPH: 69 300 Kč

Registrovat

Počáteční datum: Na vyžádání

Forma: Prezenční/Virtuální

Délka kurzu: 4 dny

Jazyk: en/cz

Cena bez DPH: 69 300 Kč

Registrovat

Počáteční
datum
Místo
konání
Forma Délka
kurzu
Jazyk Cena bez DPH
20.01.2025 Virtuální 4 dny en 69 300 Kč Registrovat
07.04.2025 Virtuální 4 dny en 69 300 Kč Registrovat
15.09.2025 Virtuální 4 dny en 69 300 Kč Registrovat
Na vyžádání Prezenční/Virtuální 4 dny en/cz 69 300 Kč Registrovat
G Garantovaný kurz

Nenašli jste vhodný termín?

Napište nám o vypsání alternativního termínu na míru.

Kontakt

Popis kurzu

Upon successful completion of this course, you should be able to:

  • Scan applications thoroughly and correctly using Fortify
  • Audit Fortify scan results to create a prioritized list of high-impact security findings
  • Correctly and efficiently validate security findings
  • Build a custom Data Flow Cleanse rule
  • Integrate and manage projects through the SSC to ensure good processes

Cílová skupina

This course is intended for application developers or security auditors who are new to or have been
using the Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.

Struktura kurzu

Module 1: Fortify Architecture and Application Security Overview

  • Identify the Fortify architectural structure and workflow
  • Recognize the importance of application security in your Software Development Life Cycle (SDLC)

Module 2: Fortify SSC Setup

  • Recognize the Application version and Administration options
  • Create an application version and update SSC Rulepacks
  • Integrate Audit Workbench scan results with SSC application versions

Module 3: Fortify SCA Analyzers Metrics

  • Describe the automated scanning process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder

Module 4: Fortify Static Scanning

  • Define the features and usage of Fortify’s scanning options
  • Recognize the different IDE plugins that integrate with Fortify SCA Analysis
  • Successfully run Fortify scans in several ways, using:
    o Audit Workbench
    o Scan Wizard
    o Command Line
    o Eclipse
    o Visual Studio

Module 5: Auditing Fortify Scan Results

  • Verify your scan results in Audit Workbench
  • Identify the findings in the Critical folder
  • Utilize Smart View for a visual representation of the dataflow issues in your code
  • Recognize findings categories in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability
  • Filter, Audit, and suppress issues to reduce noise
  • Find information, i.e. Details and Recommendations, to fix security issues

Module 6: Data Validation

  • Securely implement data validation
  • Select the right data validation for a particular situation
  • Extend data validation libraries

Module 7: Analysis Trace and Remediating Vulnerabilities

  • Properly read the analysis trace
  • Audit vulnerabilities for:
    o SQL Injection
    o XSS
    o Log Forging
    o Cross-Site Request Forgery (CSRF)

Module 8: Custom Rules

  • Recognize how to use data flow cleanse rules to integrate data validation into Fortify
  • Create a data validation rule

Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report

  • Effectively navigate the Fortify SSC (Software Security Center)
  • Review scan results upload and audit issues using SSC capabilities
  • Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan

Module 10: Bug Tracking Integration

  • Utilize Bug tracking tool through the SSC and AWB

Module 11: Utilize Audit Assistant in SSC

  • Recognize the value for utilizing Audit Assistant
  • Define the Fortify Scan Analytics tenant Prediction Policies
  • Configure your SSC to utilize Audit Assistant
  • Submit training data, issues, and review the AA results

Předpokládané znalosti

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices
  • Experience developing and/or managing software development for security
  • Have an understanding of your organization’s compliance requirements

Potřebujete poradit nebo upravit kurz na míru?

onas

produktová podpora

Platební brána ComGate Logo MasterCard Logo Visa