Fortify-SAST-22.1-Fortify SCA and SSC

Course code: FTSCA250

This course provides participants with demonstrations and hands-on activities using a practical, Fortify solutions-based approach to identify and mitigate today’s most common business security risks to applications. As a students, you will learn to scan, assess and secure applications using the Fortify Static Code Analyzer (SCA) and Software Security Center (SSC).

This course includes hands-on activities to:

  • Setup applications in Fortify Software Security Center (SSC)
  • Successfully run static code application scans and analyze the scan results through multiple platforms including: Audit Workbench, Command Line, and Scan Wizard
  • Identify security vulnerabilities from Fortify scan results and Smart View option
  • Find, filter, categorize, group, and audit security vulnerabilities found in your code
  • Utilize the Fortify IDE Plugins including Visual Studio and Eclipse with Security Assistant
  • Manage applications in SSC, utilizing Audit Assistant and bug tracking
2 895 EUR

3 503 EUR including VAT

The earliest date from 20.01.2025

Selection of dates
onas
Do you have a question?
+420 731 175 867 edu@edutrainings.cz

Professional
and certified lecturers

Internationally
recognized certifications

Wide range of technical
and soft skills courses

Great customer
service

Making courses
exactly to measure your needs

Course dates

Starting date: 20.01.2025

Type: Virtual

Course duration: 4 days

Language: en

Price without VAT: 2 895 EUR

Register

Starting date: 07.04.2025

Type: Virtual

Course duration: 4 days

Language: en

Price without VAT: 2 895 EUR

Register

Starting date: 15.09.2025

Type: Virtual

Course duration: 4 days

Language: en

Price without VAT: 2 895 EUR

Register

Starting date: Upon request

Type: In-person/Virtual

Course duration: 4 days

Language: en/cz

Price without VAT: 2 895 EUR

Register

Starting
date
Place
Type Course
duration
Language Price without VAT
20.01.2025 Virtual 4 days en 2 895 EUR Register
07.04.2025 Virtual 4 days en 2 895 EUR Register
15.09.2025 Virtual 4 days en 2 895 EUR Register
Upon request In-person/Virtual 4 days en/cz 2 895 EUR Register
G Guaranteed course

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Contact

Course description

Upon successful completion of this course, you should be able to:

  • Scan applications thoroughly and correctly using Fortify
  • Audit Fortify scan results to create a prioritized list of high-impact security findings
  • Correctly and efficiently validate security findings
  • Build a custom Data Flow Cleanse rule
  • Integrate and manage projects through the SSC to ensure good processes

Target group

This course is intended for application developers or security auditors who are new to or have been
using the Fortify SCA and SSC to develop secure applications. It is also useful for development managers and application security champions.

Course structure

Module 1: Fortify Architecture and Application Security Overview

  • Identify the Fortify architectural structure and workflow
  • Recognize the importance of application security in your Software Development Life Cycle (SDLC)

Module 2: Fortify SSC Setup

  • Recognize the Application version and Administration options
  • Create an application version and update SSC Rulepacks
  • Integrate Audit Workbench scan results with SSC application versions

Module 3: Fortify SCA Analyzers Metrics

  • Describe the automated scanning process
  • Explain the function of each Analyzer
  • Recognize how the findings are placed within each risk folder

Module 4: Fortify Static Scanning

  • Define the features and usage of Fortify’s scanning options
  • Recognize the different IDE plugins that integrate with Fortify SCA Analysis
  • Successfully run Fortify scans in several ways, using:
    o Audit Workbench
    o Scan Wizard
    o Command Line
    o Eclipse
    o Visual Studio

Module 5: Auditing Fortify Scan Results

  • Verify your scan results in Audit Workbench
  • Identify the findings in the Critical folder
  • Utilize Smart View for a visual representation of the dataflow issues in your code
  • Recognize findings categories in the Critical folder
  • Apply the appropriate validation method to remediate a given vulnerability
  • Filter, Audit, and suppress issues to reduce noise
  • Find information, i.e. Details and Recommendations, to fix security issues

Module 6: Data Validation

  • Securely implement data validation
  • Select the right data validation for a particular situation
  • Extend data validation libraries

Module 7: Analysis Trace and Remediating Vulnerabilities

  • Properly read the analysis trace
  • Audit vulnerabilities for:
    o SQL Injection
    o XSS
    o Log Forging
    o Cross-Site Request Forgery (CSRF)

Module 8: Custom Rules

  • Recognize how to use data flow cleanse rules to integrate data validation into Fortify
  • Create a data validation rule

Module 9: Utilize Fortify SSC (Software Security Center), Audit and Report

  • Effectively navigate the Fortify SSC (Software Security Center)
  • Review scan results upload and audit issues using SSC capabilities
  • Generate reports to show outstanding issues, progress on security goals and a summary of the vulnerabilities detected during a scan

Module 10: Bug Tracking Integration

  • Utilize Bug tracking tool through the SSC and AWB

Module 11: Utilize Audit Assistant in SSC

  • Recognize the value for utilizing Audit Assistant
  • Define the Fortify Scan Analytics tenant Prediction Policies
  • Configure your SSC to utilize Audit Assistant
  • Submit training data, issues, and review the AA results

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Basic programming skills (able to read Java, C/C++, or .NET)
  • Basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar)
  • Knowledge of Web and Application development practices
  • Experience developing and/or managing software development for security
  • Have an understanding of your organization’s compliance requirements

Do you need advice or a tailor-made course?

onas

product support

ComGate payment gateway MasterCard Logo Visa logo