Micro Focus Training

Course objectives

code: FT01SP-172 | version: 17.2

This four-part series takes you through the Fortify automated security solution for protecting your organization's Web applications through static testing, dynamic testing, the Fortify Security Assistant plugin, and the Fortify Software Security Center (SSC) management console. This training includes:

  • Fortify Static Application Security Testing (SAST): Learn the value of static application security testing, as well as the differences between static and dynamic testing methods. Learn about the OWASP Top 10 2017 security vulnerabilities and how to use this list to protect Web applications. Practice scanning and analyzing static code in Fortify Audit Workbench and Scan Wizard, and in the IDE plugins for Microsoft Visual Studio and Eclipse.
  • Fortify Dynamic Application Security Testing (DAST): Learn the weaknesses and strengths of static versus dynamic security testing, as well as the taxonomy of security errors and defects that open your Web applications and Web services to attacks. Practice dynamic scanning and analysis of Web applications with WebInspect. Then practice configuring and scanning with the Web Proxy tool provided through WebInspect for debugging and penetration testing.
  • Fortify Security Assistant Plugin: Learn to configure and inspect your static application code to avoid certain vulnerabilities as you write Java. Practice downloading Security Assistant from the Fortify Marketplace, as well as installing, configuring, and exploring the Security Assistant plugin through the Eclipse platform.
  • Fortify Software Security Center (SSC) overview: Learn how to manage and remediate application artifacts and scan results through the Fortify Software Security Center. Practice creating new version scan results, integrating scan versions from Fortify SSC to Audit Workbench, as well as synchronizing your project audits to Fortify SSC using the IDE plugins for Microsoft Visual Studio and Eclipse.

Upon successful completion of this course, you should be able to:

  • Recognize the differences between static and dynamic security testing
  • Recognize how applications get attacked based on the OWASP Top 10
  • Scan applications thoroughly and correctly 
  • Effectively remediate validated vulnerability findings to issues
  • Integrate Projects to the Fortify SSC management platform

Audience/Job Roles

Application Developers using the Fortify Solution for static and dynamic security testing.

Course outline

  1. Fortify Static Application Security Testing (SAST)        
    • Layers of Securing Data
    • Testing Application
    • Application Security Development Process
    • Static (SAST) and Dynamic (DAST) Testing
    • Static Analysis Advantage
    • Static versus Dynamic Analysis of Vulnerability Findings
    • Static Application Analysis Basics
    • Advantages of Source Code Analysis
    • OWASP Top 10 and Fortify
    • GUIs for Automated Scanning
    • Scan Using Audit Workbench (AWB)**
    • Scan with the Fortify Scan Wizard**
    • Plugins Compatible with Fortify
    • Analyze Scan Results with Microsoft Visual Studio**
    • Analyze Scan Results with Eclipse**
  2. Fortify Dynamic Application Security Testing (DAST)
    • Strengths and Weaknesses of SAST and DAST
    • Taxonomy of Software Security Errors
    • 7 Pernicious Kingdoms *Plus One Security Defect
    • Attacks on an Application
    • What the Attacker Sees
    • DAST Architecture
    • WebInspect Rules and Procedures
    • WebInspect Challenges to DAST
    • WebInspect Macros
    • Create a Login Macro Using the Macro Recorder Tool**
    • Navigate the WebInspect Start Page and Run a Scan Using the Login Macro**
    • Review the Dynamic Scan Results Page**
    • WebInspect Web Proxy Tool
    • Use the Web Proxy Tool to Create a Workflow Macro**
  3. Fortify Security Assistant Plugin         
    • Fortify Security Assistant Overview
    • Finding Security Issues as you Write Java Code
    • Scanning Projects for Issues
    • Download Security Assistant from the Fortify Marketplace**
    • Install Security Assistant Plugin with Eclipse**
    • Configure and Inspect Projects with Security Assistant**
    • Utilize and Explore Issues with Security Assistant**
  4. Fortify Software Security Center (SSC) overview        
    • Fortify SSC Architecture
    • Security Management Workflow
    • SSC Browser-Based Platform
    • Create “New Version” Scan Results in SSC**
    • Audit Workbench (AWB) Collaboration from SSC to AWB
    • Integrate Scan Versions From SSC to AWB**
    • WebInspect Scan Results in SSC
    • Plugins Compatible for SSC Collaboration
    • Synchronize Audits to SSC Using Eclipse Plugin**
    • Synchronize Audits to SSC Using Microsoft Visual Studio**

Additional information

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge.

  • Basic programming skills
  • Able to read Java, C/C++ or .NET
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Computer desktop, browser and file system navigation skills
Difficulty level
Duration: 1 day

The participants will obtain certificates signed by Micro Focus (course completion).


Authorized Micro Focus Trainer.
