Fortify-SAST-22.1-Fortify SCA and SSC

Kód kurzu: FTSCA250

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a students, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC).

This course includes hands-on activities to:

  • Setup applications in Fortify Software Security Center (SSC)
  • Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
  • Identify security vulnerabilities from Fortify scan results and Smart View option
  • Find, filter, categorize, group, and audit security vulnerabilities found in your code
  • Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
  • Manage applications in SSC, utilizing Audit Assistant and bug tracking
2 895 EUR

3 474 EUR s DPH

Najbližší termín od 20.01.2025

Výber termínov

Odborní
certifikovaní lektori

Mezinárodne
uznávané certifikácie

Široká ponuka technických
a soft skills kurzov

Skvelý zákaznicky
servis

Prispôsobenie kurzov
presne na mieru

Termíny kurzov

Počiatočný dátum: 20.01.2025

Forma: Virtuálna

Dĺžka kurzu: 4 dni

Jazyk: en

Cena bez DPH: 2 895 EUR

Registrovať

Počiatočný dátum: 07.04.2025

Forma: Virtuálna

Dĺžka kurzu: 4 dni

Jazyk: en

Cena bez DPH: 2 895 EUR

Registrovať

Počiatočný dátum: 15.09.2025

Forma: Virtuálna

Dĺžka kurzu: 4 dni

Jazyk: en

Cena bez DPH: 2 895 EUR

Registrovať

Počiatočný dátum: Na vyžiadanie

Forma: Prezenčná/Virtuálna

Dĺžka kurzu: 4 dni

Jazyk: en/cz

Cena bez DPH: 2 895 EUR

Registrovať

Počiatočný
dátum
Miesto
konania
Forma Dĺžka
kurzu
Jazyk Cena bez DPH
20.01.2025 Virtuálna 4 dni en 2 895 EUR Registrovať
07.04.2025 Virtuálna 4 dni en 2 895 EUR Registrovať
15.09.2025 Virtuálna 4 dni en 2 895 EUR Registrovať
Na vyžiadanie Prezenčná/Virtuálna 4 dni en/cz 2 895 EUR Registrovať
G Garantovaný kurz

Nenašli ste vhodný termín?

Napíšte nám o vypísanie alternatívneho termínu na mieru.

Kontakt

Popis kurzu

Upon successful completion of this course, you should be able to:

  • Scan applications thoroughly and correctly using Fortify
  • Audit Fortify scan results to create a prioritized list of high-impact security findings
  • Correctly and efficiently validate security findings
  • Build a custom Data Flow Cleanse rule
  • Integrate and manage projects through the SSC to ensure good processes

Cieľová skupina

This course is intended for application developers or security auditors who are new to or have been
using the Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.

Štruktúra kurzu

Module 1: Fortify Architecture and Application Security Overview

  • Identify the Fortify architectural structure and workflow
  • Recognize the importance of application security in your Software Development Life Cycle (SDLC)

Module 2: Fortify SSC Setup

  • Recognize the Application version and Administration options
  • Create an application version and update SSC Rulepacks
  • Integrate Audit Workbench scan results with SSC application versions

Module 3: Fortify SCA Analyzers Metrics

  • Describe the automated scanning process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder

Module 4: Fortify Static Scanning

  • Define the features and usage of Fortify’s scanning options
  • Recognize the different IDE plugins that integrate with Fortify SCA Analysis
  • Successfully run Fortify scans in several ways, using:
    o Audit Workbench
    o Scan Wizard
    o Command Line
    o Eclipse
    o Visual Studio

Module 5: Auditing Fortify Scan Results

  • Verify your scan results in Audit Workbench
  • Identify the findings in the Critical folder
  • Utilize Smart View for a visual representation of the dataflow issues in your code
  • Recognize findings categories in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability
  • Filter, Audit, and suppress issues to reduce noise
  • Find information, i.e. Details and Recommendations, to fix security issues

Module 6: Data Validation

  • Securely implement data validation
  • Select the right data validation for a particular situation
  • Extend data validation libraries

Module 7: Analysis Trace and Remediating Vulnerabilities

  • Properly read the analysis trace
  • Audit vulnerabilities for:
    o SQL Injection
    o XSS
    o Log Forging
    o Cross-Site Request Forgery (CSRF)

Module 8: Custom Rules

  • Recognize how to use data flow cleanse rules to integrate data validation into Fortify
  • Create a data validation rule

Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report

  • Effectively navigate the Fortify SSC (Software Security Center)
  • Review scan results upload and audit issues using SSC capabilities
  • Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan

Module 10: Bug Tracking Integration

  • Utilize Bug tracking tool through the SSC and AWB

Module 11: Utilize Audit Assistant in SSC

  • Recognize the value for utilizing Audit Assistant
  • Define the Fortify Scan Analytics tenant Prediction Policies
  • Configure your SSC to utilize Audit Assistant
  • Submit training data, issues, and review the AA results

Predpokladané znalosti

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices
  • Experience developing and/or managing software development for security
  • Have an understanding of your organization’s compliance requirements

Potrebujete poradiť alebo upraviť kurz na mieru?

pruduktová podpora