Inclusion of Sensitive Information in source code comments is a type of vulnerability that allows malicious actors who are able to view the source code to recover that sensitive information, such as credentials or information about the infrastructure, and leverage it for attacks. This lab involves mitigating the issue in vulnerable code that contains authentication credentials.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills required to:
- Find and fix the vulnerable block of code and fix it using the appropriate industry best practices without making any unnecessary changes to the code or the system
- Apply industry best practices to mitigate the use of hard-coded secrets
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Software Development