This is a lab-intensive, hands-on AppScan / web security training course, essential for experienced enterprise developers, testers, and stakeholders who need to deploy secure web applications. In addition to teaching the basics of web security and vulnerabilities, this course digs deep into sound processes and practices that apply to the entire software development lifecycle. The IBM Rational AppScan tool is then used to show how it can facilitate securing web applications. Throughout this course, students thoroughly examine best practices for defensively coding web applications, including the use of AppScan to test and analyze new or existing web applications. Students will repeatedly attack and test vulnerable and defended assets associated with fully functional web applications. This hands-on approach drives home the mechanics of how to secure web applications using AppScan in the most practical of terms. The course then explores the advanced features and capabilities of AppScan, showing what they are and how to use them effectively. This includes applying AppScan to specific vulnerabilities, application configurations, and scenarios. Many of these are accompanied by a hands-on lab that shows the issues as well as how AppScan responds to effective solutions and defenses for these vulnerabilities.
Familiarity with web applications and the web is required, and real-world programming experience is highly recommended. Ideally, students should have approximately 6 months to a year of working knowledge of web development.
3 Days/Lecture & Lab
This is an intermediate-level web application course, designed for students who wish to get up and running on developing and deploying well-defended web applications. This course may be customized to suit your team's unique objectives.