Micro Focus Training

Course objective

code: FT3E0035 | version: 18

This course introduces you to the basics of using the Fortify Static Code Analysis, Audit Workbench (AWB), Scan Wizard, Custom Rules Editor, and Software Security Center (SSC) products to help you achieve secure applications. With hands-on simulations, you will learn how to find and group issues, as well as remediate those issues. You will learn how to effectively administrate Fortify, produce a custom Data Validation rule, read the analysis trace, integrate the AWB with the SSC and manage the SSC for developers, and generate reports. 

Upon successful completion of this course, you should be able to:

  • Identify the required preconditions to scan and audit your code
  • Navigate through the AWB scan results using filters, searches, and recommendations
  • Read, assess, and fix issues using the Analysis Trace
  • Apply the appropriate data validation method to remediate given issues
  • Integrate the SSC to download and upload scanned applications to the AWB
  • Create reports from the SSC and the AWB

Audience/Job Roles

This course is intended for those whose primary responsibilities include:

  • Evaluating your organization's application security posture, quality, and compliance
  • Application development and/or security testing of web applications

Course outline

  1. Administrating Fortify
    • Typical Fortify installation
    • Auditing preconditions
    • Scan methods
    • Scan from AWB using advanced scan*
    • Scan from the AWB Scan Wizard*
    • Scan from Command-Line*
  2. Audit Workbench (AWB)
    • Launch and review the AWB User Interface
    • Viewing and investigating issues
    • Viewing functions 
    • AWB Audit Guide overview
    • Create an Audit Guide*
    • Using the Audit Workbench
    • Search options, modifiers, and advanced search
    • Find issues through Advanced search*
    • Auditing, suppressing and unsuppressing issues
    • Practice auditing and suppressing issues*
    • Practice finding suppressed issues*
    • Filtering, moving, and grouping issues
    • Practice hiding issues*
    • Practice moving issues*
    • Practice grouping issues*
  3. AWB Custom Data Validation Rules
    • Data Validation rules
    • Custom Rule Wizard
    • Import a rule into AWB
    • Create a data cleanse rule for input validation*
  4. Reading the AWB Analysis Trace
    • Analysis Trace overview
    • Analysis Evidence panel
    • Reading the Analysis Trace
    • Analysis Trace icons
    • Fixing issues with the Analysis Trace
    • Fix an issue using the Analysis Trace*
  5. AWB Scan Results – Critical Folder
    • Issues in the Critical Folder
    • Command Injection
    • Cross-Site Scripting (XSS)
    • XSS Remediation
    • XSS Poor Validation
    • Password Management
    • Path Manipulation
    • Privacy Violation
    • SQL Injection
    • SQL Injection Remediation 
    • Review Issues in the Critical folder*
  6. AWB Scan Results – High Folder
    • Issues in the High folder
    • Access Control Database remediation and detection 
    • Command Injection  
    • Log Forging remediation
    • Weak Encryption
    • Unreleased Resource Database
    • Review Issues in the High Folder*
  7. AWB Scan Results – Medium & Low Folders
    • Medium Category Issues - Misconfiguration 
    • Low Category Issues - SQL Injection and Cross-Site Request Forgery (CSRF)
    • Review Issues in the Medium & Low folders*
  8. Integrating AWB with the Software Security Center (SSC)       
    • AWB Settings for SSC
    • Download a Scan from SSC
    • Verifying that a Scan was Successful
    • Uploading Your Analysis 
    • Download a Scan from the SSC*
    • Configure AWB and Download a Scan*
    • Download Rulepacks in AWB*
  9. SSC for Developers  
    • Scan Management 
    • SSC Legacy 4.30 UI
    • Download a Scanned File from the SSC*
    • Audit Issues and Upload to the SSC*
    • Project creation overview
    • Creating a Project in SSC
    • Create a Basic Remediation Project*
    • Rulepack Updates
    • Update Fortify Rulepacks in SSC*
  10. Creating Reports in SSC and AWB
    • SSC Reports
    • Creating a Report in SSC
    • Generate an issue Trending Report in SSC*
    • AWB Reports
    • Generate a Developer Workbook*

     * Indicates a simulation (hands-on show me/try me)


Additional information

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Knowledge of Web and Application development practices 
  • Experience developing and/or managing software development for security 
  • Have an understanding of your organization’s compliance requirements
Difficulty level
Duration: 1 day
Certificate

The participants will obtain certificates signed by Micro Focus (course completion).

Instructor

Authorized Micro Focus Trainer.


1680 PLN net
