Course summary
This course provides participants with demonstrations and hands-on activities using a practical, solutions-based approach to identifying and mitigating today's most common business security risks to applications. As a student, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:
- Successfully run static code application scans and analyze the scan results
- Identify security vulnerabilities from scan results and SmartView
- Find, categorize, and remediate security vulnerabilities found in the code
- Use the Fortify Eclipse plugin and Security Assistant
- Manage applications, Audit Assistant and bug tracking within the Software Security Center (SSC)
Assessment methods:
- Pre-training quiz to check existing knowledge (where applicable)
- Formative assessments during the training, through the hands-on lab exercises completed at the end of each module, multiple-choice questions, scenario exercises, etc.
- Completion by each participant of a questionnaire and/or a positioning questionnaire before and after the training to validate that the skills have been acquired
Who this course is for
This course is intended for application developers who are new to, or have already been using, Fortify SCA and/or SSC to develop secure applications. It is also useful for development managers, security-focused QA testers and security experts.
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- Basic programming skills (able to read Java, C/C++, or .NET)
- Basic understanding of web technologies: HTTP requests and responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
- Knowledge of web and application development practices
- Experience developing software, or managing software development, with security requirements in mind
- Have an understanding of your organization’s compliance requirements
Objectives
Upon successful completion of this course, you should be able to:
- Scan applications thoroughly and correctly in Fortify
- Assess raw scan results to create a prioritized list of high-impact security findings
- Correctly and efficiently remediate validated security findings
- Use the bug tracking capabilities
- Use the Audit Assistant feature in SSC
- Manage projects in SSC to support a consistent audit process
Content
- Module 1: Application Security Overview
- Module 2: Scanning with Fortify
- Module 3: Audit Workbench (AWB) Scan Results
- Module 4: Fortify SCA (Static Code Analyzer)
- Module 5: Plugins (Eclipse and Jenkins)
- Module 6: Data Validation
- Module 7: Analysis Trace and Remediating Vulnerabilities
- Module 8: Custom Rules
- Module 9: Managing Projects within SSC (Software Security Center)
- Module 10: Bug Tracking
- Module 11: Audit Assistant
Teaching methods: