Fortify Integration & User Experience Fortify Partner - - PowerPoint PPT Presentation

fortify integration user experience fortify partner
SMART_READER_LITE
LIVE PREVIEW

Fortify Integration & User Experience Fortify Partner - - PowerPoint PPT Presentation

Jan 13, 2023 204 likes •529 views

Fortify Integration & User Experience Fortify Partner Integration Integration with both Fortify on Demand and Software Security Center (v18.2). Get Training provides Fortify User with real-time interactive training in Secure

slide-1
SLIDE 1

Fortify Integration & User Experience

slide-2
SLIDE 2
  • Integration with both Fortify on

Demand and Software Security Center (v18.2).

  • “Get Training” provides Fortify

User with real-time interactive training in Secure Code Warrior.

  • Mappings implemented to direct

User to specific content.

Fortify Partner Integration

ULR connects directly to vulnerability subcategory & language / framework

User is anonymous by default

slide-3
SLIDE 3

Fortify Partner Integration - Prospects vs. Customers

ULR connects directly to vulnerability subcategory & language / framework

User is Anonymous by default

When User clicks on “Get Training” they will connect directly in their SCW account and all training and metrics are saved.

For Prospects & SCW Customers Not Logged In For SCW Customers For SCW Customers

User known is logged into SCW and session is still valid (in another tab for example) User “identified” & asked to Log In

slide-4
SLIDE 4

The URL will be pre-configured however each customer installation will need to click the ‘Enable Training’ checkbox in order to receive SCW Training.

First Enable AppSec Training in SSC for Customer

slide-5
SLIDE 5
  • Drill down into

Applications -> Releases and choose an issue to view.

  • Choose the

“Recommendations” tab

  • From the

Recommendations tab, scroll down to “Interactive Training” and click the “Launch Training” link

Accessing SCW from FoD

slide-6
SLIDE 6
  • In the Audit view of a Security issue in SSC, the “Get Training” link will
  • pen training module on the issue if it is mapped from Fortify to SCW

Accessing SCW from SSC

slide-7
SLIDE 7

FOD & SSC Users who are also SCW Users can now Login first to complete exercise and add to their SCW Training Statistics vs. be anonymous.

New Microsite Landing Page

New Login Popup if system recognizes you have an SCW Account. Cancel here

  • therwise
slide-8
SLIDE 8

Cross Site Scripting / Java

  • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting:

ExternalLinks:java&redirect=true

Cross Site Scripting - Reflective / Java

  • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting:

Reflected:java&redirect=true

Injection - SQL / Java

  • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=SQLInjection:Persis

tence:java&redirect=true

Cross Site Scripting - DOM-based / Javascript

  • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting:

DOM:javascript&redirect=true

Cross Site Scripting - Persistent / JavaScript

  • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting:

Persistent:javascript&redirect=true

Mapping and Interactive Demo

slide-9
SLIDE 9

FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

New Microsite Landing Page

Enter Name to Personalize Your View of Leaderboard

slide-10
SLIDE 10

FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

New Microsite Landing Page

  • Pre-set language
  • User can change
  • Leaderboard

Go to Interactive Training

  • Your Name
  • User selections will

error if no challenge is available

slide-11
SLIDE 11

If User chooses to change the pre-set Language / Framework, the selections will vary according to the Vulnerability Category selected.

Changing Languages

  • Languages / Frameworks

which align to specific vulnerabilities are context sensitive.

slide-12
SLIDE 12

Stage 1 - “Locate the Vulnerability”

  • 1st of a 2-stage

Challenge

  • Code blocks are

pre-marked for you to choose

  • Pay attention to

specific Category and Subcategory

  • And # of vulnerable

blocks to choose (or have been chosen)

Expand Screen To next file with selection To next block in file Settings Help and Support

Real-world language/framework specific code snippets to help the User learn how to Locate, Identify & Fix the Vulnerability.

slide-13
SLIDE 13

Stage 1 - “Locate the Vulnerability”

Expand Screen

Expand Screen to more easily view full code set.

slide-14
SLIDE 14

Can You Locate the Vulnerability?

To next block in file

Review & make Selection

Challenges the User to THINK...Can they can recognize the Vulnerability? Applied Learning = Learn by doing!

? ? ?

Click “Next” once selection is made

Minimize Window

?

slide-15
SLIDE 15

When First You Don’t Succeed...Retry and Learn

“Retry” or “Reveal Answer”

Immediate feedback with chance to “Retry”.

  • Incorrect selection
slide-16
SLIDE 16

Access Hints as Help to Learn More

Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

  • 3-5 min micro learning

asset from SCW Learning Library (video or presentation)

  • Creates awareness &

understanding

  • Overview & deeper dive

explanation on “How to find” this vulnerability

  • Download additional info

(PPT, Google Slides or PDF)

  • Volume control (videos)
  • Expand Screen
  • Closed captions

(English, Spanish, Chinese)

Click for more Hints Click “Hint” for Help to learn more

slide-17
SLIDE 17

More Hints to Continue to Learn

Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

  • Deeper dive explanation
  • n “How to find” this

vulnerability “Close” to return to challenge Or get another Hint

slide-18
SLIDE 18

Try Again to Locate the Vulnerability

Pushes to User’s thinking to retry and learn from trial and error.

Review & make new Selection Click “Next” once selection is made

slide-19
SLIDE 19

Success...Vulnerability Located!

Feedback reinforces learning experience whether a User may have guessed or used all the hints. Learn at every step.

“Continue” to next stage

  • Feedback on “why

the answer was right”

slide-20
SLIDE 20

Stage 2 - “Identify the Solution” to Fix the Code

  • Advance to second

stage to “Identify the Solution”

Pushing User thinking to the next level by now asking them to identify the

  • ptimal most secure fix for this vulnerability.

Click “View Solutions” to start

slide-21
SLIDE 21

Do You Know the Most Secure Optimal Fix?

  • Review 4 different

potential solutions and test or build your skill to know which is the

  • ptimal most

secure fix for the vulnerability

Settings

Continues to challenge the User to see if they know how best to fix the code …don’t be fooled by different techniques, there is only 1 right solution.

Review solutions & compare

  • Differences between selections
slide-22
SLIDE 22

Choose the View Most Familiar to You

Inline diff view

Click “Accept”

  • nce selection

is made

User settings allow Users to complete the Challenge in the view most familiar to

  • them. Building muscle memory on the journey to become a secure coder.

Compare solutions against each other

  • Differences between selections
slide-23
SLIDE 23

Immediate Response with Feedback to Learn From

Feedback reinforces learning experience whether a User may have guessed or used all the hints. Learn at every step.

  • Incorrect solution
  • Feedback on “why”

solution is not correct

  • Including incorrect

techniquest Click “Retry”

  • r Reveal

Answer

slide-24
SLIDE 24

Access Hints for Help to Learn More

Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

Close or click for more Hints

  • An incorrect solution

is removed and you learn why that was the wrong technique

  • r approach

Click “Hint” for Help to learn more

slide-25
SLIDE 25

Solution Correct & Challenge Complete!

Feedback reinforces learning experience. Breakdown of points to highlight where User needed help or was incorrect.

  • Challenge Complete
  • Correct Solution with

Feedback on why that is the optimal, most secure solution

  • Points breakdown

“Continue” to move forward

slide-26
SLIDE 26

Your Statistics for Completing the Challenge

  • Advanced on the

Leaderboard “Try another category” randomly assigned Sign up for a Free Trial

  • My metrics for

completing this challenge

  • As an Anonymous

User results are not saved

Metric view of User’s “My Statistics” highlighting User’s results. As an Anonymous User results are not saved.

slide-27
SLIDE 27

Engage & Sign Up for a Trial

Click to Sign Up now

For Tier 1 / 2 Accounts, we should get our sales teams aligned to provide a proper company trial experience

slide-28
SLIDE 28

FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

Access Learning Library

Go to SCW Learning

slide-29
SLIDE 29

Full access to all videos and presentations, with links to additional details to help build Awareness and Understanding of the fundamentals of Application Security.

“Feed Your Brain” in the Learning Resources Library

  • Learning Resources for

User to browse

  • Security Fundamentals
  • Application Security

Weaknesses Search by Topic

slide-30
SLIDE 30

Full access to all videos and presentations, with links to additional details to help build Awareness and Understanding of the fundamentals of Application Security.

“Feed Your Brain” in the Learning Resources Library

  • Search results to take

you to the desired topic.

slide-31
SLIDE 31