Dynamic Application Security Testing (DAST) with WebInspect (WI250) – Details

Detailed Course Content

Module 1: Application Security and OWASP Top 10
  • Recognize an attacker's point of view and exploits
  • Define OWASP Top 10 and 7 Pernicious Kingdoms
  • Identify the Software Development Life Cycle (SDLC)
Module 2: WebInspect Components and Concepts
  • Define the components and features of WebInspect
  • Be familiar with DAST and its challenges
  • Recognize the importance of WebInspect Agent
Module 3: Scanning and Macros
  • Create unauthenticated and authenticated scans
  • Produce Login and Workflow macros
  • Utilize pre-scan security tools
  • Review Scan Performance and Errors
Module 4: Mobile Scanning
  • Define OWASP Top 10 for mobile
  • Understand scanning of Mobile APIs
Module 5: HTTP for Security Testers
  • Identify operational and syntactical characteristics of HTTP
  • Distinguish 4 types of HTTP Data and explain each method of testing
Module 6: Scan Results
  • Recognize the elements of the scan results page
  • Navigate the scan results page
  • Remediate vulnerabilities
  • Retrieve log files
Module 7: Managing Scan Policies
  • Understand the Compliance and Policy Manager
  • Utilize the default and custom scan policies
Module 8: Reports
  • Recognize WebInspect’s default Reports
  • Create Custom Reports
Module 9: Web Services and REST API Scanning
  • Create a Web Services Scan
  • Create a REST API Scan
Module 10: Application and Default Scan Settings
  • Recognize the different settings for WebInspect and WebInspect Scans
Module 11: Security Toolkit
  • Identify WebInspect’s standard and restricted tools