Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

+49 40 253346-10 Contact

FTSCA-250-200

Online Training

Duration
4 days

Price

3,000.— € (excl. tax)
3,570.— € (incl. 19% tax)

Dates and Booking

Request a date

Classroom Training

Duration
4 days

Price

Germany:
3,000.— € (excl. tax)
3,570.— € (incl. 19% tax)

Dates and Booking

Request a date

Onsite Training

Request onsite training

OpenText

Fortify-SCA and SSC (FTSCA-250-200) – Outline

Detailed Course Outline

Module 1: Fortify Architecture and Application Security Overview

Identify the Fortify architectural structure and workflow
Recognize the importance of application security in your Software Development Life Cycle (SDLC)

Module 2: Fortify SSC Setup

Recognize the Application version and Administration options
Create an application version and update SSC Rulepacks
Integrate Audit Workbench scan results with SSC application versions

Module 3: Fortify SCA Analyzers Metrics

Describe the automated scanning process
Explain the function of each Analyzer
Recognize how the findings are placed within each risk folder

Module 4: Fortify Static Scanning

Define the features and usage of Fortify’s scanning options
Recognize the different IDE plugins that integrate with Fortify SCA Analysis
Successfully run Fortify scans in several ways, using:

Audit Workbench
Scan Wizard
Command Line
Eclipse
Visual Studio

Module 5: Auditing Fortify Scan Results

Verify your scan results in Audit Workbench
Identify the findings in the Critical folder
Utilize Smart View for a visual representation of the dataflow issues in your code
Recognize findings categories in the Critical folder
Apply the appropriate validation method to remediate a given vulnerability
Filter, Audit, and suppress issues to reduce noise
Find information, i.e. Details and Recommendations, to fix security issues

Module 6: Data Validation

Securely implement data validation
Select the right data validation for a particular situation
Extend data validation libraries

Module 7: Analysis Trace and Remediating Vulnerabilities

Properly read the analysis trace
Audit vulnerabilities for:

SQL Injection
XSS
Log Forging
Cross-Site Request Forgery (CSRF)

Module 8: Custom Rules

Recognize how to use data flow cleanse rules to integrate data validation into Fortify
Create a data validation rule

Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report

Effectively navigate the Fortify SSC (Software Security Center)
Review scan results upload and audit issues using SSC capabilities
Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan

Module 10: Bug Tracking Integration

Utilize Bug tracking tool through the SSC and AWB

Module 11: Utilize Audit Assistant in SSC

Recognize the value for utilizing Audit Assistant
Define the Fortify Scan Analytics tenant Prediction Policies
Configure your SSC to utilize Audit Assistant
Submit training data, issues, and review the AA results

Contact