LAB 203 – Defending C# Applications Against Canonicalization

Course Overview


When applications make security decisions based on untrusted input data that has not been canonicalized, malicious users can use these weaknesses to perform malicious actions, such as traversing file system directories, bypassing checks for restricted resources, and redirecting file system operations to unintended resources that may result in severe damages to your organization. Secure coding mitigations include resolving path traversal characters, removing extraneous duplicate characters, resolving embedded environment variables, and anchoring to a fixed location. This Defending C# Applications Against Canonicalization Issues Skill Lab uses an interactive simulation to train developers to identify and mitigate canonicalization vulnerabilities before they negatively impact your organization.

After completing this lab, the learner will understand how to fix canonicalization issues in C# applications by correctly converting filesystem paths constructed based on user input to canonical forms before validation. The learner will also receive hands-on experience testing for Path Traversal vulnerabilities, which is necessary to identify the vulnerable code and the solution.

Looking To Learn More?

Request more information on our courses and labs.

* required

Course Details

Course Number: LAB 203
Course Duration: 5 minutes
Course CPE Credits: .1

NICE Work Role Category

TechnologyStandardPlatformType

Available Languages

  • English