Producing secure programs requires secure designs because there have always been problems in developing safe c++ programs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture (IA-32). The material for this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Secure Coding Standard.
Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). Robert is also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. He is the author of eight books, including The CERT C Secure Coding Standard, Second Edition and Secure Coding in C and C++, Second Edition. He represents Carnegie Mellon University (CMU) at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.
Course date:
November, 26-27 (4 hours per day).
Course format:
Online