Course details
Fortify-DAST-WebInspect Dynamic Application Security Testing (DAST) with WebInspect with Exam
EDU Trainings s.r.o.
Course description
In this training you will learn how WebInspect automates DAST (Dynamic Application Security Testing).
Security professionals and compliance auditors will practice how to efficiently scan Web applications, Web services, and REST API. Then, navigate the scan results to analyze the detected vulnerabilities to secure your applications. This course includes many practical hands-on exercises for the beginner and intermediate WebInspect user. Upon successful completion of this course, you should be able to:
Define how an attacker looks at a web application for exploitation
Define HTTP protocol to search for vulnerabilities
Recognize the functional characteristics and components of WebInspect
Create comprehensive, manual, work-flow driven, REST API and Web services scans
Create Web macros, custom scan policies and reports
Analyze the scan results and investigate vulnerabilities
Utilize the WebInspect’s Application settings, Scan settings and the security toolkit
Course contents
Module 1: Application Security and OWASP Top 10
Recognize an attacker’s point of view and exploits
Define OWASP Top 10 and 7 Pernicious Kingdoms
Identify the Software Development Life Cycle (SDLC)
Module 2: WebInspect Components and Concepts
Define the components and features of WebInspect
Be familiar with DAST and its challenges
Recognize the importance of WebInspect Agent
Module 3: Scanning and Macros
Create unauthenticated and authenticated scans
Produce Login and Workflow macros
Utilize pre-scan security tools
Review Scan Performance and Errors
Module 4: Mobile Scanning
Define OWASP Top 10 for mobile
Understand scanning of mobile APIs
Module 5: HTTP for Security Testers
Identify operational and syntactical characteristics of HTTP
Distinguish 4 types of HTTP Data and explain each method of testing
Module 6: Scan Results
Recognize the elements of the scan results page
Navigate the scan results page
Remediate vulnerabilities
Retrieve log files
Module 7: Managing Scan Policies
Understand the Compliance and Policy Manager
Utilize the default and custom scan policies
Module 8: Reports
Recognize WebInspect’s default Reports
Creating Custom Reports
Module 9: Web Services and REST API Scanning
Create a Web Services Scan
Create a REST API Scan
Module 10: Application and Default Scan Settings
Recognize the different settings for WebInspect and WebInspect Scans
Module 11: Security Toolkit
Identify WebInspect’s standard and restricted tools
Target audience
This course is intended for those whose primary responsibilities include:
Evaluating your organization’s application security posture, quality, and compliance
Application development and dynamic testing
Quality Assurance (QA) testing
Certificate
On request.