Loading Course Schedule...
PT20463
Training Summary
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
We teach developers to identify common security flaws including:
- Buffer overflows
- Integer overflow
- Dangerous compiler optimizations
- Race conditions
- Memory management errors
- Logical errors
- Invalid assumptions
Prerequisites
The course assumes basic C and C++ programming skills, but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Secure Coding Standard.
Duration
4 Days/Lecture & Lab
Audience
This course will be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
Course Topics
- Improve the overall security of any C or C++ application
- Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
- Dangerous compiler optimizations and how to avoid and detect them
- Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
- Correctly use formatted output functions without introducing format-string vulnerabilities
- Avoid I/O vulnerabilities, including race conditions
- Optional: Writing data race-free code using C11, C++11, Cilk Plua C++11,CilkPlus, and OpenMP