Dynamic Application Security Testing (DAST) Essentials (2-7739) 24.4

 

Course Overview

In this course, you will explore how WebInspect automates DAST. You will conduct dynamic scans on sample web applications using Command Line Interface (CLI), REST APIs, and Macros, along with other WebInspect tools. Additionally, you will learn to navigate scan results to analyze detected vulnerabilities and secure your applications.

The course emphasizes simple steps to utilize WebInspect in a lab environment, highlighting the ease of dynamic scanning. You will also leverage Fortify DAST WebInspect to run, view, and respond to security incidents. By utilizing Fortify technologies, you will address customer business problems based on defined scenarios.

Highlights
  • Run basic WebInspect scans
  • Create login and workflow macros
  • Run basic API scans and an API Postman collection
  • Run scans through the command-line
  • Utilize WebInspect security tools
  • Create a custom WebInspect policy

Important notes for the booking of Open Text trainings

Please note that prepayment is required for participation in an Open Text training course. Participation in a training course is possible for 12 months after booking the course. Cancellations are excluded. For further information, please refer to our General Terms and Conditions.

Who should attend

This course is intended for:

  • Security Champions
  • Application Testers
  • Administrators responsible for utilizing WebInspect within their environment
  • AppSec Users taking their first steps toward leveraging the power of Fortify DAST WebInspect

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Familiarity with WebInspect for at least one month
  • Basic programming skills
  • Ability to read HTTP(S) requests and responses
  • Basic understanding of web technologies, REST API, and command-line
  • Proficiency in navigating Windows desktop, browser, and file system

Course Objectives

On completion of this course, participants should be able to:

  • Use Fortify DAST WebInspect to run, view, and respond to security incidents leveraging Fortify technologies to solve customer business problems based on the defined scenarios.
  • Successfully complete the lessons below in an environment that acts as a production environment.

Course Content

Learning Scenario:

The course will follow your journey as a Security AppSec Tester. Your management has decided to purchase the Fortify DAST WebInspect solution to address the growing risks in application security and to empower users to effectively identify vulnerabilities in web applications.

As the security champion, you will become proficient with the Fortify DAST WebInspect technology in a lab environment that closely mirrors a production setting.

Chapter 01: DAST methodology, basic scans, scan results, macros, and reports
  • Explain how DAST crawls and audits an application
  • Learn the DAST licensing
  • Run a Smart Update
  • Learn the key concepts of DAST
  • Recognize the DAST User Interfaces (UI)
  • Discover where to find DAST help
  • Run a Guided scan
  • Create a Login macro
  • Run a scan using your Login macro
  • Generate DAST reports

Chapter 02: Additional DAST Scanning Methods and Macros
  • Create a Workflow macro while running a Workflow scan
  • Comprehend DAST Two-Factor (2F) authentication
  • Run a Manual scan
  • Run a List-Driven scan
  • Manage and schedule scans in DAST
  • Compare scan results
  • Use command-line to run scans

Chapter 03: API Scans, Postman Collections, Security Tools, and Scan Policy
  • Run REST API scans
  • Generate vulnerability report based on the scans
  • Run a SOAP Web Services scan
  • Run advanced API Postman Collection scans
  • Utilize the DAST security tools

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • 2,400.— € (excl. tax)
    2,856.— € (incl. 19% tax)

Classroom Training

Duration
3 days

Price
  • Germany:
    2,400.— € (excl. tax)
    2,856.— € (incl. 19% tax)
 

Schedule

Guaranteed date: We will carry out all guaranteed training regardless of the number of attendees, except in cases of force majeure or other unexpected events, such as accidents or illness of the trainer, that prevent the course from being conducted.
This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.

English

European Time Zones

Online Training Course language: English Guaranteed date!