LAB 220 - Defending Against Hard-Coded Secrets

Course Details

Course Number: LAB 220

Course Duration: 5 minutes

Course CPE Credits:

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Subject Matter

CWE
OWASP ASVS
OWASP Web
Skill Labs
Web

Foreign Languages Available:

English

Course Overview

Inclusion of Sensitive Information in source code comments is a type of vulnerability that allows malicious actors who are able to view the source code to recover that sensitive information, such as credentials or information about the infrastructure, and leverage it for attacks. This lab involves mitigating the issue in vulnerable code that contains authentication credentials.

In this lab, the learner will use an IDE to fix a Hard-coded Secret vulnerability in the code of a static web page without making any unnecessary changes to the code or the system.

Ready to Demo this course? Questions? Contact Us!