SDT 317 - Testing for Improper Control of Generation of Code
When user input can influence dynamically generated code to influence program flow or execute arbitrary code the attack is often referred to as code injection. This course introduces ways to identify and mitigate this security weakness, referenced as CWE-94 by the 2020 CWE Top 25.
- Recognizing the impact of this vulnerability
- Understanding various forms of this attack and their similarities
- Techniques for finding Hard-Coded credentials in source code
- Application of mitigation techniques for limiting the impact
- Leveraging various tools used to test for code injection vulnerabilities