About TEAM Mentor

Accessing and Reading Content

Installation

Administration

Editing Content

Eclipse for Fortify plugin

HP Fortify SCA UI Integration

Using the Jade Fail Safe Version

Quick Start Guide


Signing Up

Depending on how your administrator had set up your instance of TEAM Mentor you may need to create an account.

Security Innovation allows 7 days of free access to https://www.TEAMMentor.net - a full version of TEAM Mentor.
To create a TEAM Mentor account, click "Sign Up" in the top menu.




Fill in the information on the form, and click Sign Up.

Note that while creating your account you will be required to use a complex password that must fulfill the following requirements:

  • At least 8 characters in length
  • Have at least one decimal
  • Have at least one letter
  • Have at least one non-alphanumeric character

Here’s additional detail on what are considered alphanumeric and non-alphanumeric characters:

  • Alphanumeric characters (word characters): a-z; A-Z; 0-9; _ (underscore); space
  • Non-alphanumeric (symbols): `!@#$%^&*()+-_=[]\{}|;’:”,./<>?





Accessing TEAM Mentor

To access TEAM Mentor content, click the Login link in the top right corner.




Enter your user account credentials. After successfully authenticating, you will be able to access TEAM Mentor content.




If you have forgotten your password, click on the Forgot your password? link, fill in your email address and then a password reset email will be sent to you. The list of available articles based on your search or filtering criteria is show in the middle in the middle.




Using TEAM Mentor


User Interface

The main interface consists of the navigation menu, the search bar and the work space. The default work space contains subject matter directory on the left hand side and filters on the right hand side. You can use them interchangeably to quickly access the content you need.



Searching

The simplest way to use TEAM Mentor is by searching. Simply type your query in the search bar anywhere in the application. As you type you can choose to click on one of the search predictions, if available, or type your full query




Once the search results are shown you can further narrow down the search by using one or more filters on the right or subject areas on the left. The numbers next to the filters represent the number of articles each filter selects. You can easily remove any filter by clicking on the "X" next to it.





Icons next to the articles correspond to filters on the right. Making it easier to identify articles at a glance.



Browsing

Browsing is useful when you would like to discover the information we have. Start by ether selecting a subject of interest on the left, or a filter on the right. You may continue to select ether filters or subjects of interest until you find a list of articles that you would like to read. Then simply open the article by clicking on its title.


Go back to the list by using your browsers "Back" button. Some people also prefer to open articles in separate tabs, by right-clicking on the article title and selecting "Open in new tab"


Numbers next to each subject on the left represent the number of articles that exists for that subject. When you select a subject of interest. You drill down further into specific sub-topics in that subject. Narrowing down the list of articles. Bread crumb navigation on top, shows exactly where you are in the taxonomy.





At any time you may select a filter on the right to narrow down the displayed list of articles further.




You may also start your navigation with selecting one or more filter. Once selected, subject directory on the left updates, showing only available topics for the filter(s)


As you can see, the combination of the topics and filters creates a powerful browsing mechanism that allows you to reach the desired articles quickly and intuitively.



Example #1 – Find Information about securing connection strings

On the "Search" page, type secure connection strings and hit <enter> or click the search icon.




The search query returns a number of results. We can look through those or narrow down results using filters. Let’s look for Java specific guidance by selecting the Java filter




You can further narrow down the search results or simply open the most relevant article displayed on top by clicking on the title.





Example #2 – Discover Authentication Best Practices for .NET

Now let’s practice browsing our guidance. In this example, we will identify the authentication best practices for .NET. First lets select .NET filter on the index page and then select "Authentication" from the subject directory.






The query returns a number of relevant results.




We can further narrow down the list of articles by selecting a sub-category from the subject directory.






Further narrow this down to show just How To articles by checking How To in the Type filter list:




As you can see, with just a few clicks we filtered down massive library of knowledge to something very relevant to what we were looking for.




Example #3 – Finding Information on a Vulnerability (XSS Example)

One example of how you can use TEAM Mentor is to look for information you need regarding specific software vulnerabilities. This may be because you wish to avoid this vulnerability in your code, you have been assigned to fix a vulnerability, or are just looking for information on the topic. To do this, after you have successfully authenticated, Search for XSS (in this example) on the search page.




Select "Vulnerability" type in the Filters list..




You are presented with a small number of relative articles. You may look through the list to find the one that appeals the most.




Or you may want to filter even further by specific technology you are using. In this example we pick PHP.




Open the article and read for specific information on how to fix the vulnerability.




Sharing information on vulnerability

You may wish to share this information once you found it for collaboration on a fix, testing, or using the information to avoid that vulnerability in your code. Once you have opened a vulnerability (of any other) article you would like to share, click on the "Share" icon. Then copy the sharable link and email, IM or send it by other means to anyone you would like to share it with.





Saving information on vulnerability

If you would like to save an article for later reference, after you’ve opened the article in full view, simply use your browser’s bookmarking feature to bookmark the article. The URL of articles do not change, so when you use the bookmark you will be taken right to the article. If you are not logged in, you will have to log in to see the article



Save or Share Your Results

If you created a complex query and would like to share the resulting list of articles, or reuse the same filter later, simply bookmark or email the URL of the page you are on. The URL always reflects the state of the application, therefore it is easy to save or share what you are seeing with anyone else.

Search and filter, or browse, to the list of articles that you like.




Then use your browser to bookmark the URL, which saves the state for future re-use. When you click on the bookmark, it will open TEAM Mentor with the same search and filters and thus display the same set of articles.

You can also send the same URL to anyone that has access to TEAM Mentor. When they click on the URL, they will see the same set of articles. This makes collaboration on fixing security defects as easy as sending an IM or email between colleges.