Szkolenia Micro Focus

Cel szkolenia

kod: FT3E0034 | wersja: 18

This course introduces you to the basics of application security and the role of Fortify. You will learn how to exploit attacks, as well as formulate a threat model and risk assessment for your Application Development Life-Cycle for securing your organization’s applications. 

Upon successful completion of this course, you should be able to:

  • Recognize the basic concepts of application security                                                
  • Execute a variety of attacks against a web application to test vulnerabilities                 
  • Describe the role of Threat Models and Risk Assessments in achieving application security
  • Choose how to integrate typical security activities into a default secure SDLC
  • Apply the appropriate data validation method to remediate given issues

Audience/Job Roles

This course is intended for those whose primary responsibilities include:

  • Evaluating your organization's application security posture, quality, and compliance
  • Application development and/or security testing web applications

Plan szkolenia Rozwiń listę

  1. Introduction to Application Security
    • ABC Company Attack Scenario**      
    • Application Security in Relation to Computer Security             
    • Types of Application Security                              
    • Challenges in Application Security**               
    • SQL Injection: Attack**                         
    • SQL Injection: Remediation
  2. OWASP Top 10          
    • Vulnerabilities in Web applications                  
    • Group and display OWASP issues                      
    • A1 – Injection                             
    • A2 – Broken Authentication and Session Management           
    • A3 – Cross-Site Scripting                        
    • A4 – Insecure Direct Object References                         
    • A5 – Security Misconfiguration                          
    • A6 – Sensitive Data Exposure                              
    • A7 – Missing Function Level Access Control                  
    • A8 – Cross-Site Request Forgery                        
    • A9 – Using Known Vulnerable Components                 
    • A10 – Unvalidated Redirects and Forwards                   
    • Vulnerabilities in mobile applications              
  3. Exploring application security attacks
    • OWASP Tools Hidden Fields**                            
    • Exploit Hidden Fields*            
    • HTML Field Restrictions** 
    • Bypassing HTML Field Restrictions* 
    • SQL Injection**                         
    • Exploiting SQL Injection*      
    • Cross-Site Scripting**
  4. Data Validation          
    • Deciding Where to Implement Data Validation
    • Data Validation Types
    • Data Validation Techniques**
    • Example of Indirect Selection
    • Indirect Selection**
    • Indirect Selection - Trusting Server-Side Files               
    • Whitelists**
    • Whitelists for Standard Input Types 
    • Data Validation Library - OWASP ESAPI**
    • Blacklists**
    • Examples of Evading Blacklists
  5. Remediation - Security goals
    • Security Goals
    • Challenges in Security Goals**
    • The Concept of “Secure Enough”
    • Deciding What to Fix
    • Dangers of Requiring Proof of Exploitability**
  6. Remediation - Security activities        
    • Threat Models**
    • Developing a Threat Model**
    • Identifying the potential sources of a breach**
    • Determining Remediation Strategies
    • Risk Assessment**
    • Classifying Attacks Using STRIDE
    • Evaluating Attacks Using DREAD
    • Risk Assessment – Example**
    • Scope of Risk Assessment**
    • Tips on Presenting a Vulnerability**
  7. Remediation - Security tools 
    • Fortify Product Suite Overview Fortify  Scanners
    • Fortify Server
    • Fortify Interface Options**
    • Dangers of Misuse**
    • Application Security and Scanners
    • Default Secure SDLC
    • Requirements Phase**
    • Development Phase**
    • QA-SecurityGate Phase**
    • Deployment Phase**
  8. SDLC Integration overview
    • Default Secure SDLC
    • Phased Deployment**

    * Indicates a simulation (hands-on show me/try me)

    ** Indicates a scenario (practical examples)

Pobierz konspekt szkolenia w formacie PDF

Dodatkowe informacje

Wymagania

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Knowledge of Web and Application development practices 
  • Experience developing and/or managing software development for security 
  • Have an understanding of your organization’s compliance requirements
Poziom trudności
Czas trwania 1 dzień
Certyfikat

The participants will obtain certificates signed by Micro Focus (course completion).

Prowadzący

Authorized Micro Focus Trainer.

Pozostałe szkolenia Micro Focus | Fortify

Szkolenia powiązane tematycznie

Bezpieczeństwo IT

Testowanie oprogramowania

Formularz kontaktowy

Prosimy o wypełnienie poniższego formularza, jeśli chcą Państwo uzyskać więcej informacji o powyższym szkoleniu.






* pola oznaczone (*) są wymagane

Informacje o przetwarzaniu danych przez Compendium – Centrum Edukacyjne Spółka z o.o.

840 PLN NETTO

FORMA SZKOLENIA

Zamawiana ilość:

Zamawiający

Osoba kontaktowa

imię: *
nazwisko: *
adres *:
kod pocztowy *:
miasto *:
email: *
telefon:
pola oznaczone gwiazdką (*) są wymagane
Zapisz się na szkolenie

Najbliższe szkolenia Micro Focus

Harmonogram szkoleń Micro Focus