LAB 201 – Defending Java Applications Against Canonicalization


Course Overview

When applications make security decisions based on untrusted input data that has not been canonicalized, malicious users can use these weaknesses to perform malicious actions, such as traversing file system directories, bypassing checks for restricted resources, and redirecting file system operations to unintended resources that may result in severe damages to your organization. Secure coding mitigations include resolving path traversal characters, removing extraneous duplicate characters, resolving embedded environment variables, and anchoring to a fixed location. This Defending Java Applications Against Canonicalization Skill Lab uses an interactive simulation to assess developers’ ability to identify and mitigate canonicalization vulnerabilities before they negatively impact your organization.

After completing this lab, the learner will understand how to fix canonicalization issues in Java applications by correctly converting filesystem paths constructed based on user input to canonical forms before validation. The learner will also receive hands-on experience testing for Path Traversal vulnerabilities, which is necessary to identify the vulnerable code and the solution.

Looking To Learn More?

Request more information on our courses and labs.

Course Details

Course Number: LAB 201

Course Duration: 5 minutes

Course CPE Credits: .1

Platform

Standard

Technology

Type

Foreign Languages Available:

  • English