Test 000-057: AppScan Source Edition

Section 1 - AppScan Source Edition Overview and Sales (35%)

  1. Explain the critical role of application security
  2. Explain the differences between static and dynamic analysis
  3. Understand different deployment and workflow configurations
  4. Know the main components of AppScan Source Edition
  5. List features and characteristics of AppScan Source Edition
  6. Understand scenarios for which AppScan Source is the ideal solution
  7. Explain the different professional service offerings
  8. Understand the competitive landscape and the advantages AppScan Source has over major competitors
  9. Know the best way to respond to client questions


Section 2 - Essential Technical Knowledge of AppScan Source Edition (40%)

  1. Install AppScan Source
  2. Configure AppScan Source
  3. Scan your application using AppScan Source for Security
  4. Use filters, validators, and custom rules to ensure actionable results
  5. Understand AppScan Source terminology
  6. Understand the vulnerability matrix
  7. Know the purposes of different views in AppScan Source
  8. Obtain remediation information and support to fix vulnerabilities


Section 3 - Web Application Security Essentials (15%)

  1. Understand the basics of Web application security
  2. Understand WASC Threat Classes
  3. Understand the OWASP Top 10 Web application security vulnerabilities
  4. Identify common attack types
  5. Understand threat modeling


Section 4 - Delivering Security-Rich Web Applications (10%)

  1. Understand the Web application lifecycle
  2. Ensure security at all layers (eagle's view, single transaction, session, application, etc.)
  3. Secure the Web application environment
  4. Secure third-party tools


Register for a test

Register for an IBM Certification test at Prometric and take a step into your future.