• Online, Self-Paced

Inclusion of Sensitive Information in source code comments is a type of vulnerability that allows malicious actors who are able to view the source code to recover that sensitive information, such as credentials or information about the infrastructure, and leverage it for attacks. This lab involves mitigating the issue in vulnerable code that contains authentication credentials.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills required to:

  • Find and fix the vulnerable block of code and fix it using the appropriate industry best practices without making any unnecessary changes to the code or the system
  • Apply industry best practices to mitigate the use of hard-coded secrets

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.