FTSCA250 – Fortify-SAST-Fortify SCA and SSC with exam – Inhouse - Inhouse von ExperTeach Gesellschaft für Netzwerkkompetenz mbH

This Instructor-Led (4 days) course provides hands-on activities using Fortify to identify and mitigate today's most common business security risks to applications.

You will learn to setup applications in Fortify Software Security Center (SSC). Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard. Identify security vulnerabilities from Fortify scan results and Smart View option. Find, filter, categorize, group, and audit security vulnerabilities found in your code. Utilize the Fortify IDE Plugins in Visual Studio and Eclipse with Security Assistant. Finally, manage applications in SSC. On the last day of class (exam day), you can test your skills and become a Certified Professional for Fortify SCA. 

• Module 1: Fortify Architecture and Application Security Overview 
• Module 2: Fortify SSC Setup
• Module 3: Fortify SCA Analyzers Metrics
• Module 4: Fortify Static Scanning
• Module 5: Auditing Fortify Scan Results 
• Module 6: Data Validation 
• Module 7: Analysis Trace and Remediating Vulnerabilities
• Module 8: Custom Rules 
• Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report
• Module 10: Bug Tracking Integration
• Module 11: Utilize Audit Assistant in SSC

To be successful in this course, you should have the following prerequisites or knowledge:

• Basic programming skills (able to read Java, C/C++, or .NET)
• Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
• Knowledge of Web and Application development practices 
• Experience developing and/or managing software development for security
• Have an understanding of your organization’s compliance requirements

This course is intended for application developers or security auditors who are new to or have been using the Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.