Course Overview
In this training you will learn how WebInspect automates DAST (Dynamic Application Security Testing). Security professionals and compliance auditors will practice how to efficiently scan Web applications, Web services, and REST API. Then, navigate the scan results to analyze the detected vulnerabilities to secure your applications. This course includes many practical hands-on exercises for the beginner and intermediate WebInspect user.
Who should attend
This course is intended for those whose primary responsibilities include:
- Evaluating your organization's application security posture, quality, and compliance
- Application development and dynamic testing
- Quality Assurance (QA) testing
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge.
- An understanding of basic Web communication protocols.
- Familiarity with some of the most common Web application vulnerabilities
Course Objectives
Upon successful completion of this course, you should be able to:
- Define how an attacker looks at a web application for exploitation
- Define HTTP protocol to search for vulnerabilities
- Recognize the functional characteristics and components of WebInspect
- Create comprehensive, manual, work-flow driven, REST API and Web services scans
- Create Web macros, custom scan policies and reports
- Analyze the scan results and investigate vulnerabilities
- Utilize the WebInspect’s Application settings, Scan settings and the security toolkit
Course Content
- Module 1: Application Security and OWASP Top 10
- Module 2: WebInspect Components and Concepts
- Module 3: Scanning and Macros
- Module 4: Mobile Scanning
- Module 5: HTTP for Security Testers
- Module 6: Scan Results
- Module 7: Managing Scan Policies
- Module 8: Reports
- Module 9: Web Services and REST API Scanning
- Module 10: Application and Default Scan Settings
- Module 11: Security Toolkit
Englisch