In this course, you will learn how to identify and mitigate CWE-829: Inclusion of Functionality from Untrusted Control Sphere. Coverage includes techniques for spotting CWE-829 weaknesses through code review and testing. Secure coding best practices are included, as well as descriptions of technology and platform-specific weaknesses as appropriate.
On successful completion of this course, learners should have the knowledge and skills to:
- Identify Inclusion of Functionality from Untrusted Control Sphere vulnerabilities
- Recognize the potential impact of this vulnerability
- Apply coding best practices to avoid it
- Find Inclusion of Functionality from Untrusted Control Sphere vulnerabilities in your application’s source code
- Test your application to detect it
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.