• Online, Self-Paced

Security Misconfiguration is not limited in scope to the application code itself. Improperly secured operating systems, web server applications, and databases all contribute to the overall attack surface.
This lab presents a challenge in the Insta Friends cyber range that exploits an Integer Overflow vulnerability in its Messaging functionality, which in turn reveals a Security Misconfiguration vulnerability.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills required to:

  • Understand how probing an application’s use of numeric object IDs can reveal a variety of vulnerabilities, including Integer Overflow
  • Recognize how Security Misconfiguration can disclose sensitive information about an application’s implementation, including whether the application Uses Components with Known Vulnerabilities

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.