Detailed Course Outline
Module 1: Application Security and OWASP Top 10
- Recognize an attackers point of view and exploits
- Define OWASP Top 10 and 7 Pernicious Kingdoms
- Identify the Software Development Life Cycle (SDLC)
Module 2: WebInspect Components and Concepts
- Define the components and features of WebInspect
- Be familiar with DAST and its challenges
- Recognize the importance of WebInspect Agent
Module 3: Scanning and Macros
- Create unauthenticated and authenticated scans
- Produce Login and Workflow macros
- Utilize pre-scan security tools
- Review Scan Performance and Errors
Module 4: Mobile Scanning
- Define OWASP Top 10 for mobile
- Apprehend scanning Mobile APIs
Module 5: HTTP for Security Testers
- Identify operational and syntactical characteristics of HTTP
- Distinguish 4 types of HTTP Data and explain each method of testing
Module 6: Scan Results
- Recognize the elements of the scan results page
- Navigate the scan results page
- Remediate vulnerabilities
- Retrieve log files
Module 7: Managing Scan Policies
- Understand the Compliance and Policy Manager
- Utilize the default and custom scan policies
Module 8: Reports
- Recognize WebInspect’s default Reports
- Creating Custom Reports
Module 9: Web Services and REST API Scanning
- Create a Web Services Scan
- Create a REST API Scan
Module 10: Application and Default Scan Settings
- Recognize the different settings for WebInspect and WebInspect Scans
Module 11: Security Toolkit
- Identify WebInspect’s standard and restricted tools