Interested in automating your app security scanning and retrieving comprehensive reports for easy analysis? Say hello to AppSpider Pro with this two-day interactive course, packed with tips and tricks to help you successfully run app security tests using AppSpider Pro. Whether you’re just getting started with application security or are migrating from a different AppSec solution, our experts will help you master the essentials, including installation requirements and scan configuration, and introduce you to best practices and common troubleshooting techniques to put your team on the fast track to more secure applications.
For flexible and accessible learning, this course is offered both virtually and on-site at your facility. The virtual class is hosted remotely on a Rapid7 lab and features simulated exercises against multiple scenario-driven target environments. Customers who participate in on-site trainings will apply their learned skills in hands-on scenarios in their own environment.
All participants will have access to the AppSpider Pro Certified Specialist Exam as part of their training program; go from being the student to the master and leverage the knowledge gained from class to become certified.
Prerequisites
Ideally, attendees should have the following:
Experience with Windows® Operating System
Basic knowledge of network protocols
Basic knowledge of vulnerability management systems
Course objectives
What You'll Learn
Introduction to AppSpider
Architecture
Prerequisites and install options
Enterprise environment compatibility
Installation process
AppSec with AppSpider
AppSec basics
Using AppSpider for AppSec
Web scanning basics
Operation of AppSpider
Scan configuration
Authenticated scanning
Reporting
Vulnerability validation
Scanning APIs
Leveraging additional tools
Administration
User access
Environment configuration
Troubleshooting
Day 1
On Day 1, you will be given a refresher on application security from both a product-agnostic and AppSpider Pro-focused perspective. We’ll also run practical labs focused on installation basics, as well as running authenticated and unauthenticated scans.
AppSpider Pro Architecture and Installation
AppSec 101
AppSec with AppSpider Pro
Unauthenticated Crawl Scan
Web App 101
Scan Configuration Basics
Unauthenticated Attack Scan
Authenticated Scanning
Form Authentication Crawl Scan
Macro Recording
Full Attack Scan with Authentication
Day 2
Day 2 will focus on how to leverage the data that is gathered and how to validate its authenticity, along with exploring advanced scanning techniques. Labs will involve running API scans, vulnerability validation, and an administrative overview of AppSpider Pro.
Reporting Best Practices
Vulnerability Validation Methodologies
Vulnerability Validation
Administrative Overview
Troubleshooting Best Practices
Scanning an API
Manual API Assessment
Running an API Scan
Leveraging the Swagger Utility
Running an Advanced API Scan
Utilizing Additional Tools