CMD+CTRL Training: Q2 2024 Release in Review

Security Innovation’s quarterly update to the CMD+CTRL training catalog is aimed at providing our customers with the most up-to-date training, focused on current technology and threat trends to help prevent vulnerabilities and protect data across multiple development languages and platforms. This latest release is focused on providing education and training for technology and management teams using both traditional and modern application development methods.

Whether your organization is looking to create professional-grade applications with advanced functionality using low-code/no-code, apply secure coding best practices for high-level programming languages such as TypeScript, Java, Python, and C#, or address common mistakes for low-level languages like C, C++, and Node.js, our training has got you covered.

This content release includes:

  • 5 New Courses focused on vulnerabilities within TypeScript, Low-Code/No-Code, and C/C++ applications
  • 16 IDE Code Correct Skill Labs to find and correct Open Redirect, Weak Password Reset, Unrestricted Upload of File with Dangerous Type, Server-side Request Forgery (SSRF), Hard-coded Credentials, Code Injection, Cross-Site Request Forgery (CSRF), and Path Traversal vulnerabilities
  • 3 MITRE ATT&CK® Skill Labs leveraging post exploitation techniques

Want more details? Below you’ll find more information on the specific content released on May 15, 2024. For a full list of this quarter’s new content, download the infographic.

Courses

This release of CMD+CTRL courses gives learners a comprehensive understanding of the latest challenges faced by organizations that use TypeScript, Low-Code/No-Code, and C/C++, so they can implement secure coding best practices, safeguard data, and reduce risk.

Skill Labs

CMD+CTRL Labs help to transform new concepts into tangible skills through hands-on, realistic examples of real-world threat scenarios. Skill Labs provide learners with an active training experience, complementing Courses and Learn Labs and reinforcing the skills they’ve learned.

Each lab will be accessible only via CMD+CTRL Base Camp. All labs are hosted via a secure Virtual Machine to give learners the tools to respond to and fix software security issues in a safe, simulated environment. These new secure coding labs require the use of an IDE to both find and correct insecure code based on the following vulnerabilities:

Open Redirect

Cyber attackers can take advantage of open redirect vulnerabilities to trick users into visiting a harmful website. This can happen when a user clicks on a link that looks legitimate, but the application redirects the user's browser to a URL based on unvalidated GET request parameters. It is important for applications to properly validate incoming data to prevent this type of attack.

Open Redirect Skill Labs teach learners to defend applications against open redirect vulnerabilities through hands-on experience testing for these vulnerabilities and implementing a suitable mitigation.
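As an added illustration (not code from the CMD+CTRL labs), the TypeScript sketch below validates a redirect target taken from a GET parameter. The origin names, the allowlist and the parameter name `next` are assumptions made for the example.

```typescript
// Added example. APP_ORIGIN, ALLOWED_ORIGINS and the "next" parameter are assumptions.
const APP_ORIGIN = "https://app.example.test";
const ALLOWED_ORIGINS: string[] = [APP_ORIGIN, "https://help.example.test"];

// Weak check: "starts with a slash" treats protocol-relative URLs as local paths.
function naiveIsLocal(next: string): boolean {
  return next.charAt(0) === "/";
}

// Hardened check: parse the value the way a browser would, then compare the
// resulting scheme and origin against an allowlist. Anything else falls back to "/".
function safeRedirectTarget(requestUrl: string): string {
  const next = new URL(requestUrl).searchParams.get("next");
  if (next === null || next === "") return "/";
  // Backslashes and control characters are parsed inconsistently across stacks.
  if (/[\\\u0000-\u001f]/.test(next)) return "/";
  let target: URL;
  try {
    target = new URL(next, APP_ORIGIN); // relative values resolve against our origin
  } catch {
    return "/";
  }
  if (target.protocol !== "https:") return "/";
  if (ALLOWED_ORIGINS.indexOf(target.origin) === -1) return "/";
  // Same-origin targets are returned as a path so the Location header stays relative.
  return target.origin === APP_ORIGIN
    ? target.pathname + target.search + target.hash
    : target.href;
}
```

The decision is made on the parsed origin rather than on the raw string, which is why values such as `//host/path` or `https://trusted@other-host/` do not pass.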

Weak Password Reset

Attackers can directly manipulate the password reset or recovery feature by guessing the answer to the security question or by using social engineering techniques to trick the user into revealing their answers. Once attackers have access to the user account, they can steal sensitive information, modify data, or even use the account for illegal activities.

Learners will take a hands-on approach to practice implementing more secure password reset functionality using multi-factor or out-of-band authentication to reduce risk of weak password reset vulnerabilities and protect user accounts from being compromised.

TypeScript

In an era where secure coding practices are paramount, understanding the nuances of TypeScript becomes crucial. Secure coding in TypeScript entails identifying potential vulnerabilities and implementing preventive measures to mitigate risks such as XSS, SQL injection, and CSRF attacks. TypeScript's features, like static typing, code analysis, and improved readability, play a pivotal role in securing applications against such vulnerabilities.

TypeScript Skill Labs teach learners to defend applications against vulnerabilities within the CWE Top 25 and give them hands-on experience implementing effective mitigations for vulnerabilities like Code Injection, Path Traversal, Server-side Request Forgery (SSRF), and others.

Path Traversal

Attackers can exploit applications that rely on untrusted input data to make security decisions without canonicalizing it. For instance, they could bypass checks for restricted resources, traverse file system directories, and redirect file system operations to unintended resources, which could cause significant damage to your organization.

These Skill Labs teach learners to defend applications against Path Traversal vulnerabilities and give them hands-on experience implementing effective mitigations.
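The canonicalization point above can be shown with a short TypeScript sketch, added here and not taken from the CMD+CTRL labs. It models POSIX-style paths as plain strings; `BASE_DIR` and the function names are assumptions, and a real service would also use the platform resolver (`path.resolve`) and resolve symlinks (`fs.realpath`) before the containment check.

```typescript
// Added example. BASE_DIR is a constructed upload root, not a real path.
const BASE_DIR = "/srv/app/uploads";

// Canonicalise a POSIX-style path: drop "." and empty segments, apply "..".
function canonicalize(p: string): string {
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Weak check: inspects the raw input, so "../" in the middle or in
// percent-encoded form is never seen.
function naiveResolve(userPath: string): string | null {
  if (userPath.indexOf("../") === 0) return null;
  return BASE_DIR + "/" + userPath;
}

// Hardened check: decode, canonicalise, and only then decide.
function safeResolve(userPath: string): string | null {
  let decoded: string;
  try {
    decoded = decodeURIComponent(userPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.indexOf("\0") !== -1 || decoded.indexOf("\\") !== -1) return null;
  const full = canonicalize(BASE_DIR + "/" + decoded);
  // Compare against the base plus a trailing slash so that a sibling such as
  // /srv/app/uploads-private does not pass a bare prefix test.
  const prefix = BASE_DIR + "/";
  return full.slice(0, prefix.length) === prefix ? full : null;
}
```

The security decision is taken on the canonical form, so every spelling of the same location gets the same answer.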

MITRE ATT&CK® Skill Labs

We also introduced three NEW tool-based MITRE ATT&CK® labs designed to provide learners with a collection of tools to detect and exploit known vulnerabilities. These labs expand our library of tool-integrated skill labs focused on Infrastructure and Web Application Vulnerability Scanning, Exploitation and Post-Exploitation Frameworks, and Web Attack Proxies.
