Saltworks Security was created to empower businesses to design, build and operate secure software applications. Our secure software development lifecycle (SDLC) tools and best-practices consulting directly support popular rapid application development frameworks.

This straightforward, real-world approach helps our clients save time and money by setting clear expectations, benchmarks, and milestones for all stakeholders—from developers to security staff to senior management.

Email: sales@saltworks.io

Call: 678.426.5160

Metro-Atlanta office:

114 TownPark Drive

Kennesaw, GA 30144

New office in Murfreesboro, TN coming in early 2020

Implement

Everything You Need to Hit the Ground Running

Our team of experts are program acceleration specialists. We will tool your DevOps pipeline to support your customized security plan. Today’s market demands won’t let software development wait for security to catch up. We have the expertise and experience to take your program from planning to reality quickly, efficiently and predictably.

We’ll implement customized solutions to seamlessly incorporate security activities across your software development lifecycle, leveraging automation wherever possible. Our thoughtful approach to implementing secure design and coding practices that meet the demands of a continuous development environment will improve security outcomes and minimize release disruption. For example, we have created customized build server and defect tracking integrations for past customers.

Integrated Secure Design & Coding Practices

Testing & Validation

Security testing is used to identify security weaknesses in applications both before and after production. Testing is also helpful for validating that security practices are being followed and for evaluating their effectiveness. From static analysis to penetration testing, Saltworks manages the full scope of solution and tool evaluation, procurement and deployment. Additionally, we are a Platinum Micro Focus Partner and have more than 17 years of experience helping companies with WebInspect implementations.

Training & Socialization

Saltworks will work closely with your team to put in place training and education initiatives that deliver the right mix of knowledge and skills to successfully administer and complete security activities across the development lifecycle. Further, our consultants will work closely with developers to make sure that planned application security initiatives and practices support rather than impede their objectives and workflows.

Learn more about our in-house training programs

MICRO FOCUS FORTIFY – ALL COURSE TRAINING

Spend a week with us and learn how to develop and maintain a secure SDLC using Micro Focus’s powerful suite of security tools: Micro Focus WebInspect, Micro Focus Fortify, and Micro Focus Fortify On Demand.

Saltworks Security offers a multi-course discount when all three courses are purchased together.

MICRO FOCUS WEBINSPECT

LOCATION: Onsite or online via live virtual training

 

GOAL: Using a combination of manual and automated investigative techniques, students will learn to perform comprehensive web application security assessments and identify unique web application security vulnerabilities, including source disclosure, hidden content, SQL Injection, cross-site scripting (XSS) and various forms of parameter manipulation.

 

OBJECTIVES: Identify and validate application vulnerabilities using Micro Focus WebInspect and the Micro Focus Security Toolkit.

Course length: 1-day classes remove several exercises and cover less of the security and HTTP fundamentals. This class is designed for experienced application security testers who are already very familiar with dynamic / manual application testing.

AGENDA

Day 1

  • Application Security Brief
  • WebInspect Installation and Licensing
  • Introduction to WebInspect
  • Guided Scan Demo/Exercise
  • HTTP for Application Security
  • Security Toolkit Part 1 Demo/Exercise
  • WebInspect Introduction
  • Guided Scan (OOB Experience) Demo/Exercise
  • HTTP for Security Testers / Security Toolkit
  • HTTP Editor, Web Proxy etc. Demo/Exercise

Day 2

  • Basic Scanning Modes Demo/Exercise
  • Scan Settings Demo/Exercise
  • Authenticated Scanning Demo/Exercise
  • Scan Policies and Policy Manager Demo/Exercise
  • Work Flow Scans Demo/Exercise
  • Special Use Cases Demo/Exercise
  • Vulnerability Validation and Reporting Demo/Exercise
  • Security Toolkit Part 2 Demo/Exercise

MICRO FOCUS FORTIFY (ONPREMISE)

LOCATION:
Onsite or online via live virtual training

OBJECTIVES
This course will cover the key topics needed to successfully integrate Micro Focus Fortify into a Secure SDLC program.

ADMINISTRATION
Administration of Micro Focus Fortify including:

  • Technology overview – understanding the components of a fully implemented Micro Focus Fortify solution.
  • Installation and configuration of the Software Security Center (SSC)
  • Integration of the SSC into corporate LDAP (AD) authentication systems.
  • Attribute definitions
  • Creating and managing projects
  • Creating and managing users

TEMPLATES AND FILTERS
A critical aspect of successfully implementing Micro Focus Fortify is to properly configure templates and filters so that they do not display vulnerabilities that are not applicable to a particular project. This class will devote a considerable amount of time to addressing how to create effective filters.

SCANNING
  • Scanning applications from a command line using Source Code Analysis (SCA)
  • Integrating SCA into a build environment such as Ant and TFS

MICRO FOCUS FORTIFY (ONDEMAND)

LOCATION
Onsite or online via live virtual training

OBJECTIVES
This course will cover the key topics needed to successfully integrate Micro Focus Fortify On Demand into a Secure SDLC program, including static, dynamic, and mobile applications.

ADMINISTRATION
  • Managing users
  • Configuring projects
  • Uploading projects for static assessment
  • Initiating dynamic scans
  • Initiating mobile scans
  • Implementing build integration

USER TRAINING
  • Understanding scan results
  • Reporting false positives and ensuring they are not re-reported
  • Integrating FOD into development environments such as Eclipse & Visual Studio