Course Overview
Get the Fortify security solution in 2 days. Fortify SAST and DAST for Developers is a two-day training that explores how the Fortify product suite's Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools scan for security vulnerabilities. As a student, you will learn about the threats to applications, as well as operation and remediation through the Fortify solution. With 70% hands-on activities, you will learn how to use Fortify SCA (Static Code Analyzer) and WebInspect.
Who should attend
Software/Application Developers, Product Managers, Development Managers, Q/A Managers, Q/A Analysts, and Application Security Analysts
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- Basic programming skills (able to read Java, C/C++, or .NET)
- Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
- Knowledge of Web Application development and security practices
Course Objectives
Upon successful completion of this course, you should be able to:
- Identify application security and the Pernicious Kingdoms
- Successfully run static (SAST) and dynamic (DAST) scans
- Analyze the scan results using both Fortify (SAST) and WebInspect (DAST)
- Manage projects and audit issues using Audit Workbench
Course Content
- Module 1: Application Security Overview
- Module 2: Fortify Static Scanning
- Module 3: Scan Results in Audit Workbench (AWB)
- Module 4: Fortify SCA (Static Code Analyzer) Metrics
- Module 5: Fortify IDE Plugins
- Module 6: Analysis Trace and Remediating Vulnerabilities
- Module 7: WebInspect (WI) Application Exploits
- Module 8: Dynamic Scanning with WI
- Module 9: Mobile Scanning with WI
- Module 10: Web Services and API Scanning
- Module 11: Application and Scan Settings