Course Description
This course is designed to give you basic proficiency in using AppScan Standard to scan web sites for vulnerabilities.
Audience
Beginning AppScan users
Prerequisites
Before taking this course, make sure that you have the following skills:
- Familiarity with web application targeted attacks
- Familiarity with web site technologies
- Familiarity with basic internet protocols
Objective
When you finish this course, you should be able to perform the following tasks:
- Explain the capabilities of Security AppScan Standard
- Describe the potential risks of conducting an automated security scan
- Configure and run a security scan
- Compare manual and automatic exploration
- Describe the process of analyzing scan results and using issue management
- Review scan results, filter false positives, prioritize issues, and communicate them to your stakeholders
- Optimize your scan configuration and use advanced techniques to scan your web applications
- Explain scan logs and messages, export a scan log, and troubleshoot scans
- Create reports that are based on discovered security issues
- Extend the functions by using the Security AppScan Standard Software Development Kit (SDK) and eXtensions Framework (AXF)
- Troubleshoot Security AppScan Standard
Course Outline
- AppScan Standard Overview
- Installation and setup
- Preparing for your scan
- Configuring your first scan
- Reviewing the results
- Reporting
- Logging in and managing sessions
- Optimizing your scan
- Glass box scanning
- Content-based scanning
- Reviewing scan coverage
- Scanning web services
- Extending AppScan Standard
- Troubleshooting AppScan