Training Micro Focus

Training goals dlearning

code: FTSCAV250-180 | version: 18.0

This course provides participants with demonstrations and hands-on activities using a practical, solutions-based approach to identify and mitigate today’s most common business security risks to applications.  As a students, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:

  • Identify security vulnerabilities within Fortify SCA
  • Exploit vulnerabilities in a sample application
  • Remediate security vulnerabilities, including the OWASP Top 10
  • Update and edit Rulepacks
  • Manage applications’ security issues with Fortify SSC

Upon successful completion of this course, you should be able to:

  • Scan applications thoroughly and correctly in Fortify
  • Assess raw scan results to create a prioritized list of high-impact security findings
  • Correctly and efficiently remediate validated security findings
  • Manage security goals to ensure good progress
  • Integrate Fortify products with current SDLC best practices

Audience/Job Roles

This course is intended for application developers who are new to or have been using the Fortify SCA and/or SSC to develop secure applications. It is also useful for development managers, security-focused QA testers, and security experts.

 

Conspect Show list

  1. Introduction to Application Security
    • Introduction to securing your applications
  2. OWASP Top 10 Vulnerabilities & Hands-On Hacking
    • Recognize the OWASP Top 10 vulnerabilities
  3. Introduction to Remediation
    • Perform a basic Threat Model and Risk Assessment
  4. Introduction to Fortify Administration
    • Installing Fortify
    • Recognize how Fortify scans
  5. Audit Workbench (AWB) Scan Results
    • Navigate Audit Workbench
  6. Fortify SCA (Static Code Analyzer)
    • Describe the Scanning Process
    • Explain the function of each Analyzer
  7. Plugins (Eclipse and Visual Studio)
    • Install and use the plugins Visual Studio and Eclipse
  8. Data Validation
    • Select the right data validation for a particular situation
    • Extend data validation libraries
  9. Analysis Trace and Remediating Vulnerabilities
    • Read the analysis trace
    • Remediate vulnerabilities
  10. Custom Rules
    • Build a rule
  11. Fortify SSC (Software Security Center)
    • Use the SSC to manage your applications
    • Run reports
Download conspect training as PDF

Additional information

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices 
  • Experience developing and/or managing software development for security 
  • Have an understanding of your organization’s compliance requirements
Difficulty level
Duration 3 days
Certificate

The participants will obtain certificates signed by Micro Focus (course completion). 

This course prepares you also for such related Micro Focus certification exam: CSE Fortify SCA/SSC Practical Exam 

Trainer

Authorized Micro Focus Trainer.

Training thematically related

IT Security

Contact form

Please fill form below to obtain more info about this training.







* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

TRAINING PRICE FROM 2160 USD

  • In order to propose a date for this training, please contact the Sales Department

Upcoming Micro Focus training

Training schedule Micro Focus