- Day 1
On Day 1, participants will be given a refresher on application security from both a product-agnostic and an AppSpider Pro-focused perspective. We’ll also run practical labs focused on installation basics, as well as running authenticated and unauthenticated scans.
• Lecture – Introduction to the AppSpider Pro Architecture and Installation
• Lecture – AppSec 101
• Lecture – AppSec with AppSpider Pro
• Activity – Unauthenticated Crawl Scan
• Lecture – Web App 101
• Lecture – Scan Configuration Basics
• Activity – Unauthenticated Attack Scan
• Lecture – Authenticated Scanning
• Activity – Form Authentication Crawl Scan
• Activity – Macro Recording
• Activity – Full Attack Scan with Authentication
- Day 2
The second day will continue to focus on operationalizing AppSpider Pro and will cover administering the tool. Key focus areas will be how to leverage the data that is gathered and how to validate its authenticity, along with exploring advanced scanning techniques. Labs will involve running API scans, vulnerability validation, and an administrative overview of AppSpider Pro.
• Lecture – Reporting Best Practices
• Lecture – Vulnerability Validation Methodologies
• Activity – Vulnerability Validation
• Lecture – Administrative Overview
• Lecture – Troubleshooting Best Practices
• Lecture – Scanning an API
• Activity – Manual API Assessment
• Activity – Running an API Scan
• Activity – Leveraging the Swagger Utility
• Activity – Running an Advanced API Scan
• Lecture – Utilizing Additional Tools