Overview

This course teaches a comprehensive DAST automated vulnerability scanning solution. In this training, security professionals and compliance auditors will learn how to quickly and easily scan and analyze the numerous Web applications and services throughout their organization with WebInspect. This course includes practical hands-on exercises for beginners and intermediate users.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge.

  • An understanding of basic Web communication protocols.
  • Familiarity with some of the most common Web application vulnerabilities (e.g., the OWASP Top 10).

Audience / Job Roles

This course is intended for those whose primary responsibilities include:

  • Evaluating your organization's application security posture, quality, and compliance
  • Application development and dynamic testing
  • Quality Assurance (QA) testing

Delegates will learn how to

  • Define how an attacker looks at a web application for exploitation
  • Install WebInspect licensing
  • Describe the HTTP protocol and use it to search for vulnerabilities
  • Use WebInspect as a dynamic analysis security testing (DAST) tool
  • Recognize the functional characteristics and components of WebInspect
  • Create comprehensive, manual, mobile, and workflow-driven scans for a target application
  • Create Web macros and reports
  • Use the Security Toolkit

Outline

Module 1: Application Security

  • Attacker's Point of View
  • OWASP Top 10 and 7 Pernicious Kingdoms
  • Exploit Examples

Module 2: WebInspect Introduction

  • Theory of Operation
  • WebInspect Architectural Concepts
  • Installation & Licensing

Module 3: Scanning and Scan Results

  • Basic Scan Setting Control
  • Default Scanning
  • Understanding of Macro Features

Module 4: Mobile Scanning

  • Supported Devices
  • Methods of Scanning

Module 5: HTTP for Security Testers

  • HTTP Basics
  • Application Testing Challenges

Module 6: Managing Scan Policies

  • Compliance and Policy Manager
  • Default Scan Policies
  • Custom Scan Policies

Module 7: Reports

  • Default Reports
  • Creating Custom Reports
  • Exporting Reports & Scans

Module 8: Web Services Scanning

  • Web Services Scanning

Module 9: Application and Scan Settings

  • Concepts and Terminology
  • One-time Scans
  • Scheduling Scans

Module 10: Security Toolkit

  • Standard Tools
  • Restricted Tools
  • Third Party Tool Integration