SDT 317 – Testing for Improper Control of Generation of Code

Course Overview

When user input can influence dynamically generated code to influence program flow or execute arbitrary code the attack is often referred to as code injection. This course introduces ways to identify and mitigate this security weakness, referenced as CWE-94 by the CWE Top 25.

Topics include:

• Recognizing the impact of this vulnerability
• Understanding various forms of this attack and their similarities
• Techniques for finding Hard-Coded credentials in source code
• Application of mitigation techniques for limiting the impact
• Leveraging various tools used to test for code injection vulnerabilities