• Fortify SCA (Static Code Analyzer) course + CSE
  • Course Description

    This course provides participants with demonstrations and hands-on activities using a practical, solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a student, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC). This course includes hands-on activities to:

    Identify security vulnerabilities within Fortify SCA

    Exploit vulnerabilities in a sample application

    Remediate security vulnerabilities, including the OWASP Top 10

    Update and edit Rulepacks

    Manage applications’ security issues with Fortify SSC

    Audience/Job Roles

    This course is intended for application developers who are new to or have been using the Fortify SCA and/or SSC to develop secure applications. It is also useful for development managers, security-focused QA testers, and security experts.

    Course Objectives

    Upon successful completion of this course, you should be able to:

    Scan applications thoroughly and correctly in Fortify

    Assess raw scan results to create a prioritized list of high-impact security findings

    Correctly and efficiently remediate validated security findings

    Manage security goals to ensure good progress

    Integrate Fortify products with current SDLC best practices

    Prerequisites/Recommended Skills

    To be successful in this course, you should have the following prerequisites or knowledge:

    Basic programming skills (able to read Java, C/C++, or .NET)

    Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)

    Knowledge of Web and Application development practices

    Experience developing and/or managing software development for security

    Have an understanding of your organization’s compliance requirements

    Certification Path

    CSE Fortify SCA/SSC Practical Exam ID: HP0-M214P

    Course Topics

    Module 1: Introduction to Application Security
    Objectives: Introduction to securing your applications

    Module 2: OWASP Top 10 Vulnerabilities & Hands-On Hacking
    Objectives: Recognize the OWASP Top 10 vulnerabilities

    Module 3: Introduction to Remediation
    Objectives: Perform a basic Threat Model and Risk Assessment

    Module 4: Introduction to Fortify Administration
    Objectives: Installing Fortify; Recognize how Fortify scans

    Module 5: Audit Workbench (AWB) Scan Results
    Objectives: Navigate Audit Workbench

    Certified Software

    Expert (CSE)

    +