Cílová skupina
Tato část není lokalizována
Software/Application Developers, Product Managers, Development Managers, Q/A Managers, Q/A Analysts, and Application Security Analysts
Struktura kurzu
Tato část není lokalizována
Module 1: Application Security overview
- Review the OWASP Top 10 2017
- Recognize layers of Securing Data (whitebox and Blackbox testing)
Module 2: Fortify Static Scanning
- Run several different types of scans using Fortify
- Practice memory tuning to optimize scanning
Module 3: Scan Results in Audit Workbench (AWB)
- Identify the findings in the Critical folder
- Apply the appropriate validation method to remediate a given vulnerability in the Critical folder
- Audit and suppress findings
Module 4: Fortify SCA (Static Code Analyzer) Metrics
- Describe the Scanning Process
- Explain the function of each Analyzer
- Recognize how the findings are placed within each risk folder
Module 5: Fortify IDE Plugins
- Configure and scan using the Fortify IDE plugins Visual Studio and Eclipse
Module 6: Analysis Trace and Remediating Vulnerabilities
- Properly read the analysis trace
- Learn how to remediate vulnerabilities
Module 7: WebInspect (WI) Application Exploits
- Identify characteristics of Web-based application security defects
- Recognize prevalent software attacks
Module 8: Dynamic Scanning with WI
- Produce scans and create macros
- Evaluate then remediate your scan results
Module 9: Mobile Scanning with WI
- Recognize WebInpsect Mobile Templates, Devices and Software
- Recognize the steps for Native Mobile Scanning
Module 10: Web Services and API Scanning
- Describe Web Services (SOAP) scanning capabilities
- Perform a Web services scan
Module 11: Application and Scan Settings
- Review the primary application and default scan setting options in WebInspect
