Course Overview
Fortify SAST is the Fortify SCA application security testing product suite. It comprises Software Security Center (SSC), Audit Workbench (AWB), Audit Assistant, and much more, along with Fortify plugins for your IDEs and bug tracking as supporting technologies that you can use in conjunction with Fortify SCA and SSC to secure your applications from potentially dangerous vulnerabilities before they go into production.
This course helps you configure SAST (Static Application Security Testing) and use it in your application development work, in your IDEs, and on the SSC platform, so that security is included early in your development lifecycle. The focus is on providing simple steps to configure Fortify SCA and SSC in a lab environment to showcase the ease of use when statically scanning and auditing your applications for vulnerabilities.
Who should attend
This course is designed for security champions and for administrators who are responsible for deploying and administering Fortify within their environment, as well as for developers and security auditors who are taking the first steps toward leveraging the power of Fortify SAST.
Prerequisites
This course assumes some familiarity with Fortify SSC and SCA, basic programming skills, the ability to read Java or .NET, a basic understanding of web technologies (CI/CD DevOps), and computer, browser, and file system navigation skills.
Course Objectives
On completion of this course, participants should be able to:
- Use Fortify SCA/SSC to correlate, view, and respond to security incidents leveraging Fortify technologies to solve security problems in your applications based on defined topics
- Successfully complete the lessons below in an environment that acts as a production environment.
Course Content
Module 1:
- Fortify SCA and SSC Introduction
- Software Security Center (SSC) Administration
- Scan using Fortify Audit Workbench (AWB), Command-Line, and Scan Wizard
- Utilize Fortify SCA in IDEs (e.g., Eclipse, IntelliJ, Visual Studio (VS), VS Code)
Module 2:
- Collaboratively audit your scan results in AWB and SSC
- Create and analyze your scan results with Filters
- Generate reports and create an Audit Guide
- Read the Analysis Trace
- Recognize noise reduction
- Create a Custom Rule
Module 3:
- Configure and utilize Audit Assistant
- Utilize Jira for bug tracking
Appendix:
Topics to be covered on your own and in class (as time allows):
- AppSec and SAST overviews
- Fortify SCA process flow in detail
Important notes for the booking of Open Text trainings
Please note that prepayment is required for participation in an Open Text training course. Participation in a training course is possible for 12 months after booking the course. Cancellations are excluded. For further information, please refer to our General Terms and Conditions.