Course Overview
This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a student, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:
- Set up applications in Fortify Software Security Center (SSC)
- Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
- Identify security vulnerabilities from Fortify scan results and Smart View option
- Find, filter, categorize, group, and audit security vulnerabilities found in your code
- Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
- Manage applications in SSC, utilizing Audit Assistant and bug tracking
Who should attend
This course is intended for application developers or security auditors who are new to or have been using the Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.
Prerequisites
To be successful in this course, you should have the following prerequisites or knowledge:
- Basic programming skills (able to read Java, C/C++, or .NET)
- Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
- Knowledge of Web and Application development practices
- Experience developing software, or managing software development, with security in mind
- An understanding of your organization’s compliance requirements
Course Objectives
Upon successful completion of this course, you should be able to:
- Scan applications thoroughly and correctly using Fortify
- Audit Fortify scan results to create a prioritized list of high-impact security findings
- Correctly and efficiently validate security findings
- Build a custom Data Flow Cleanse rule
- Integrate and manage projects through the SSC to ensure good processes
Course Content
- Module 1: Fortify Architecture and Application Security Overview
- Module 2: Fortify SSC Setup
- Module 3: Fortify SCA Analyzers Metrics
- Module 4: Fortify Static Scanning
- Module 5: Auditing Fortify Scan Results
- Module 6: Data Validation
- Module 7: Analysis Trace and Remediating Vulnerabilities
- Module 8: Custom Rules
- Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report
- Module 10: Bug Tracking Integration
- Module 11: Utilize Audit Assistant in SSC