1601 Broadway, New York, NY 10019 B2 TRAINING
May 09, 2018 10:00 AM - 04:00 PM (America/New_York)
Secure Coding in C and C++

1601 Broadway, New York, NY 10019 B2 HACK NYC 2018 events@magegroupe.com

Secure Coding Training in C and C++ provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. We teach developers to identify common security flaws including:

  • Buffer overflows
  • Integer overflow
  • Dangerous compiler optimizations
  • Race conditions
  • Memory management errors
  • Logical errors
  • Invalid assumptions

For each of these security flaws, we demonstrate specific remediation techniques as well as general secure coding practices that help prevent the introduction of vulnerabilities. This course will be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Learning Objectives

Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid and detect dangerous compiler optimizations
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

Prerequisites

The course assumes basic C and C++ programming skills, but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Coding Standard, Second Edition.

Required Equipment

Students must bring a personal computer equipped with the following:

  • 4GB or greater of free hard disk space
  • USB port
  • Adobe Reader
  • Oracle VM VirtualBox
  • A Zip decompression utility, such as WinZip or 7-zip

Students are also encouraged to bring their own C and C++ programming language development environments (compiler, editor, etc.), such as Microsoft Visual Studio, Xcode, GCC, or Clang.

Materials Provided

Participants will also receive course and reference materials including slide PDFs. The Secure Coding in C and C++, Second Edition and The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems books authored by Robert C. Seacord and published by Addison-Wesley are recommended but not provided.

Technical Director, NCC Group

The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.