Secure Coding in C and C++

The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
Duration
8 hours
Course type
Online
Language
English
Code
PTRN-028_ONL

Description

Producing secure programs requires secure designs, because there have always been problems in developing safe C++ programs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture (IA-32). The material for this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Secure Coding Standard.

Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). Robert is also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. He is the author of eight books, including The CERT C Secure Coding Standard, Second Edition and Secure Coding in C and C++, Second Edition. He represents Carnegie Mellon University (CMU) at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.

Course date:
November 26-27 (4 hours per day).

Course format:
Online
Certificate
Upon completion of the course, a certificate is issued on a Luxoft Training form.

Objectives

Participants should come away from this course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:
  • improve the overall security of any C or C++ application
  • thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • C++ vulnerability
  • eliminate integer-related problems: integer overflows, sign errors and truncation errors
Moreover, this course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.

Target Audience

Software architects and software developers.

Prerequisites

Participants should have basic C and C++ programming skills, but they do not need in-depth knowledge of software security.

Roadmap

Strings (Nov 26)
  • Common errors using null-terminated byte strings
  • Common errors using basic_string
  • String Vulnerabilities
  • Mitigation Strategies

Integers (Nov 27)
  • Integer Data Types
  • Integer Conversions
  • Integer Operations
  • Integer Vulnerabilities
  • Mitigation Strategies