Fortify-SCA and SSC (FTSCA-250-200)

 

Course Overview

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a student, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:

  • Set up applications in Fortify Software Security Center (SSC)
  • Successfully run static code application scans and analyze the scan results through multiple platforms, including Audit Workbench, Command Line, and Scan Wizard
  • Identify security vulnerabilities from Fortify scan results and the Smart View option
  • Find, filter, categorize, group, and audit security vulnerabilities found in your code
  • Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
  • Manage applications in SSC, utilizing Audit Assistant and bug tracking

Who should attend

This course is intended for application developers or security auditors who are new to, or have been using, Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices
  • Experience developing and/or managing software development for security
  • An understanding of your organization’s compliance requirements

Course Objectives

Upon successful completion of this course, you should be able to:

  • Scan applications thoroughly and correctly using Fortify
  • Audit Fortify scan results to create a prioritized list of high-impact security findings
  • Correctly and efficiently validate security findings
  • Build a custom Data Flow Cleanse rule
  • Integrate and manage projects through the SSC to ensure good processes

Course Content

  • Module 1: Fortify Architecture and Application Security Overview
  • Module 2: Fortify SSC Setup
  • Module 3: Fortify SCA Analyzers Metrics
  • Module 4: Fortify Static Scanning
  • Module 5: Auditing Fortify Scan Results
  • Module 6: Data Validation
  • Module 7: Analysis Trace and Remediating Vulnerabilities
  • Module 8: Custom Rules
  • Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report
  • Module 10: Bug Tracking Integration
  • Module 11: Utilize Audit Assistant in SSC

Prices & Delivery methods

Online Training

Duration
4 days

Price
  • 3,000.— €

Classroom Training

Duration
4 days

Price
  • Germany: 3,000.— €
 

Schedule

Instructor-led Online Training:   Course conducted online in a virtual classroom.

English

European Time Zones

Online Training Time zone: Central European Time (CET)
Online Training Time zone: Central European Summer Time (CEST)
Online Training 5 days Time zone: Central European Summer Time (CEST)
Online Training Time zone: Central European Summer Time (CEST)