Web application security issues continue to be a top priority.
The only real solution is to build security into Web applications from
the start. Secure coding practices and developer security tools help to
preempt these issues through early discovery. IBM® Rational® AppScan®
Source Edition integrates Web application security testing into
development, and Web-based education tools help non-security experts
find, understand, and fix security issues. This workshop shows you how
to use the IBM Rational AppScan family in various stages of the
development lifecycle to achieve these goals.
During this workshop you go through a complete cycle of finding, remediating, and retesting several security issues in a sample application. You'll hear about additional capabilities and more advanced features of the solutions. The workshop includes a brief introduction to Web application security and secure coding practices in general.
In this half-day workshop, learn about:
- Web application security risk
- Commonly used Web attacks
- The importance of identifying and mitigating Web application risks and vulnerabilities early in the SDLC
- Black box vs white box scanning
- Load Eclipse or RAD with Altoro
- Demonstrate code changes that can introduce new vulnerabilities
- Scan the code and find the vulnerabilities
- Understand the risk and exposure associated with the disclosed vulnerabilities
- Change the code to remediate the vulnerabilities
- Rescan to verify risk mitigation