LAB 201 – Defending Java Applications Against Canonicalization

Course Overview

When applications make security decisions based on untrusted input data that has not been canonicalized, malicious users can use these weaknesses to perform malicious actions, such as traversing file system directories, bypassing checks for restricted resources, and redirecting file system operations to unintended resources that may result in severe damages to your organization. Secure coding mitigations include resolving path traversal characters, removing extraneous duplicate characters, resolving embedded environment variables, and anchoring to a fixed location. This Defending Java Applications Against Canonicalization Skill Lab uses an interactive simulation to assess developers’ ability to identify and mitigate canonicalization vulnerabilities before they negatively impact your organization.

After completing this lab, the learner will understand how to fix canonicalization issues in Java applications by correctly converting filesystem paths constructed based on user input to canonical forms before validation. The learner will also receive hands-on experience testing for Path Traversal vulnerabilities, which is necessary to identify the vulnerable code and the solution.