When an application relies on untrusted input to make security decisions without first canonicalizing it, an attacker can exploit that weakness to perform malicious actions: for instance, bypassing checks on restricted resources, traversing file system directories, or redirecting file system operations to unintended resources, any of which can cause significant damage to your organization.
This Defending C Applications Skill Lab provides a virtual environment that contains a vulnerable application and its complete source code. It trains developers to identify and mitigate canonicalization vulnerabilities before they negatively impact your organization.
Learning Objectives
In this lab, learners will gain practical experience testing for a Path Traversal vulnerability and implementing appropriate mitigations such as:
- Resolving path traversal characters.
- Removing extraneous duplicate characters.
- Resolving embedded environment variables.
- Anchoring to a fixed location.
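The following C function is an added illustration of the mitigations listed above (it is not code from the lab or its vulnerable application): it canonicalizes the base directory and the user-supplied path with realpath(), which collapses `..`, `.`, duplicate separators and symlinks, and then checks that the result stays anchored under the base. The base directory and the sample inputs in main() are constructed for the example; rejecting a `$` in the input rather than expanding variables is a defensive choice assumed here, not a rule the lab states.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 and writes the canonical path to `out` when `user_path`, taken
 * relative to `base`, resolves to a location inside `base`; 0 otherwise.
 * The containment check runs on the canonical form, never on raw input. */
int resolve_under_base(const char *base, const char *user_path,
                       char *out, size_t outlen)
{
    char canon_base[PATH_MAX], joined[PATH_MAX], canon[PATH_MAX];

    /* Assumption for this example: refuse shell-style variable references
     * outright instead of trying to expand them. */
    if (strchr(user_path, '$') != NULL)
        return 0;
    /* Anchor: the fixed base directory itself must canonicalize. */
    if (realpath(base, canon_base) == NULL)
        return 0;
    if (snprintf(joined, sizeof joined, "%s/%s", canon_base, user_path)
            >= (int)sizeof joined)
        return 0;
    /* Resolve the candidate; a target that does not exist is a failure. */
    if (realpath(joined, canon) == NULL)
        return 0;

    size_t blen = strlen(canon_base);
    if (blen == 1 && canon_base[0] == '/')
        blen = 0;                      /* base "/" is a prefix of everything */
    /* Result must equal base or begin with base + "/"; the '/' test keeps
     * "/srv/data" from matching "/srv/data2". */
    if (strncmp(canon, canon_base, blen) != 0)
        return 0;
    if (canon[blen] != '\0' && canon[blen] != '/')
        return 0;
    if (strlen(canon) + 1 > outlen)
        return 0;
    strcpy(out, canon);
    return 1;
}

int main(void)
{
    /* Constructed sample inputs against a base of /etc. */
    const char *inputs[] = { "passwd", "../etc/passwd", "..//../tmp/x" };
    char out[PATH_MAX];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-16s -> %s\n", inputs[i],
               resolve_under_base("/etc", inputs[i], out, sizeof out) ? out : "DENIED");
    return 0;
}
```

Note that `../etc/passwd` is allowed because its canonical form is still under `/etc`; the check decides on where the path lands, not on which characters it contains.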
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):