WebInspect

WebInspect


HPE WEBINSPECT – 1 and 2 DAY TRAINING

LOCATION: Onsite or online via live virtual training

GOAL: Using a combination of manual and automated investigative techniques, students will learn to perform comprehensive web application security assessments and identify unique web application security vulnerabilities, including source disclosure, hidden content, SQL Injection, cross-site scripting (XSS) and various forms of parameter manipulation.

OBJECTIVES: Identify and validate application vulnerabilities using HPE WebInspect and the HPE Security Toolkit.
Course length: 1 day classes remove several exercises and will cover less of the security and HTTP fundamentals. This class is designed for experienced application security testers who are already very familiar with dynamic / manual application testing

Course length: 1 day classes remove several exercises and will cover less of the security and HTTP fundamentals. This class is designed for experienced application security testers who are already very familiar with dynamic / manual application testing

AGENDA

Day 1

{}  Application Security Brief

{}  WebInspect Installation and Licensing

{}  Introduction to WebInspect

{}  Guided Scan Demo/Exercise

{}  HTTP for Application Security

{}  Security Toolkit Part 1 Demo/Exercise

{}  WebInspect Introduction

{}  Guided Scan (OOB Experience) Demo/Exercise

{}  HTTP for Security Testers / Security Toolkit

{}  HTTP Editor, Web Proxy etc. Demo/Exercise

Day 2

{}  Basic Scanning Modes Demo/Exercise

{}  Scan Settings Demo/Exercise

{}  Authenticated Scanning Demo/Exercise

{}  Scan Policies and Policy Manager Demo/Exercise

{}  Work Flow Scans Demo/Exercise

{}  Special Use Cases Demo/Exercise

{}  Vulnerability Validation and Reporting Demo/Exercise

{}  Security Toolkit Part 2 Demo/Exercise