Secure Coding Training in C and C++ provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. We teach developers to identify common security flaws including:
- Buffer overflows
- Integer overflow
- Dangerous compiler optimizations
- Race conditions
- Memory management errors
- Logical errors
- Invalid assumptions
For each of these security flaws, we demonstrate specific remediation techniques as well as general secure coding practices that help prevent the introduction of vulnerabilities. This course will be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
Learning Objectives
Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:
- Improve the overall security of any C or C++ application
- Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
- Avoid and detect dangerous compiler optimizations
- Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
- Correctly use formatted output functions without introducing format-string vulnerabilities
- Avoid I/O vulnerabilities, including race conditions
1601 Broadway, New York, NY 10019 B2 HACK NYC 2018 events@magegroupe.com
Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.
Prerequisites
The course assumes basic C and C++ programming skills, but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Coding Standard, Second Edition.
Required Equipment
Students must bring a personal computer equipped with the following:
Students are also encouraged to bring their own C and C++ programming language development environments (compiler, editor, etc.), such as Microsoft Visual Studio, Xcode, GCC, or Clang.
Materials Provided
Participants will also receive course and reference materials including slide PDFs. The books Secure Coding in C and C++, Second Edition and The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems, authored by Robert C. Seacord and published by Addison-Wesley, are recommended but not provided.
The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.