This is a lab-intensive, hands-on, tool-oriented AppScan security training course, essential for experienced enterprise developers and security personnel who need to work with AppScan. This course assumes that students already have a solid understanding of web application vulnerabilities and defenses. This course digs deep into sound processes and practices for using the IBM Rational AppScan tool to test, analyze, and evaluate the security and effectiveness of defenses associated with your web applications. Throughout this course, students thoroughly examine the use of AppScan to test and analyze new or existing web applications. Students will repeatedly analyze vulnerable and defended assets associated with fully functional web applications. This hands-on approach drives home the mechanics of how to secure web applications using AppScan in the most practical of terms. The course then goes into the advanced features and capabilities of AppScan, showing what they are and how to use them effectively. This includes applying AppScan to specific vulnerabilities and application configurations and scenarios. Many of these are accompanied by a hands-on lab that shows the issues as well as how AppScan responds to effective solutions and defenses for these vulnerabilities.
Familiarity with web applications and the web is required, and real-world programming experience is highly recommended. Ideally, students should have approximately 6 months to a year of web development working knowledge.
3 Days/Lecture & Lab
This is an intermediate-level web application course, designed for students who wish to get up and running on developing well-defended web applications.