Video Description

This lesson begins with the following definition: the Risky Resource Management category identifies weaknesses related to improper handling of system resources by software, where handling includes creation, usage, transfer or destruction. Participants also receive an explanation of CWE-22, Path Traversal, which is a manipulation of the URL to execute, reveal or access the contents of files, directories or information. In addition, the lesson covers CWE-494, Download of Code Without Integrity Check. The instructor also discusses possible attacks in this category:

• Malware payload delivery
• Path manipulation
• Information disclosure/leakage
• Denial of service (e.g., exhaustion of resources)

Finally, the instructor presents a case study about a breach at the Department of Homeland Security (DHS) in which hackers got access to the contents of a WordPress configuration on their server. WordPress is open to vulnerabilities because of all the add-ins, and hackers were able to perform a path traversal.

Course Modules

Secure Coding