Improper Privilege Management occurs when software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This course introduces ways to identify and mitigate this security weakness, referenced as CWE-269 by the 2020 CWE Top 25.
On successful completion of this course, learners should have the knowledge and skills to:
- Manage the setting, management, and handling of privileges
- Explicitly manage trust zones in the software
- Follow the principle of least privilege when assigning access rights to entities in a software system
- Ensure requirement that multiple conditions be met before permitting access to a system resource