This lesson begins with the following definition: the Risky Resource Management category identifies weaknesses related to improper handling of system resources by software, where handling includes creation, usage, transfer or destruction.

Participants also receive an explanation of CWE-22, Path Traversal, which is a manipulation of the URL to execute, reveal or access the contents of files, directories or information. The lesson also covers CWE-494, Download of Code Without Integrity Check.

The instructor also discusses possible attacks in this category:
• Malware payload delivery
• Path manipulation
• Information disclosure/leakage
• Denial of service (e.g., exhaustion of resources)

Finally, the instructor presents a case study about a breach at the Department of Homeland Security (DHS) in which hackers got access to the contents of a WordPress configuration on their server. WordPress is open to vulnerabilities because of all its add-ins, and the hackers were able to perform a path traversal.
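The CWE-22 weakness described above comes down to how a handler maps a request path onto the file system. The following is an added example, not material from the lesson: it sets a naive path join beside a containment check on the resolved path. The directory layout, function names and request strings are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class TraversalError(ValueError):
    """Raised when a requested path resolves outside the served directory."""

def naive_join(base_dir, requested):
    """Weak pattern: concatenate the request onto the base and trust it."""
    return Path(os.path.normpath(os.path.join(base_dir, requested)))

def resolve_inside(base_dir, requested):
    """Hardened pattern: resolve first, then require the result under base.

    The comparison is made on the fully resolved path ('..' and symlinks
    collapsed), not on the raw string, so it does not depend on filtering
    particular character sequences out of the request.
    """
    base = Path(base_dir).resolve()
    # Strip leading separators so an absolute request cannot replace base.
    candidate = (base / requested.lstrip("/\\")).resolve()
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{requested!r} escapes {base}")
    return candidate

def demo():
    """Return {request: (naive result is outside web root, hardened outcome)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        webroot = root / "webroot"
        (webroot / "img").mkdir(parents=True)
        (webroot / "img" / "logo.png").write_bytes(b"png")
        # Constructed stand-in for a config file stored above the web root.
        (root / "app-config.php").write_text("placeholder")
        for req in ["img/logo.png", "../app-config.php",
                    "img/../../app-config.php", "/img/logo.png"]:
            outside = webroot not in naive_join(webroot, req).parents
            try:
                resolve_inside(webroot, req)
                outcome = "served"
            except TraversalError:
                outcome = "blocked"
            results[req] = (outside, outcome)
    return results

if __name__ == "__main__":
    for req, (outside, outcome) in demo().items():
        print(f"naive_outside={outside!s:5} hardened={outcome:7} {req}")
```

The last request shows a second failure of the naive join: `os.path.join` discards the base entirely when the request is an absolute path, while the hardened version serves the intended file from inside the web root.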