The training explains in detail the mechanisms underlying typical security-relevant C/C++ programming bugs: the common security vulnerabilities. The root causes of the problems are explained through a number of easy-to-understand source code examples, which at the same time make clear how to find and correct these problems in practice. The real strength of the course lies in its numerous hands-on exercises, which help the participants understand how easily attackers can exploit these vulnerabilities.
The course also gives an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Through exercises specially tailored to these mitigation techniques, participants can learn how simple, and moreover cheap, it is to get rid of various security problems.
Audience
- C/C++ Developers
- Software Architects
- Testers
Course Objectives
Participants attending this course will:
- Understand basic concepts of security, IT security and secure coding
- Realize the severe consequences of insecure buffer handling
- Understand the architectural protection techniques and their weaknesses
- Learn about typical coding mistakes and how to avoid them
- Be informed about recent vulnerabilities in various platforms, frameworks and libraries
- Get sources and further readings on secure coding practices
Prerequisites
Advanced C/C++ development
Outline
- IT security and secure coding
- x86 machine code, memory layout and stack operations
- Buffer overflow
- Common coding errors and vulnerabilities
- Principles of security and secure coding
- Knowledge sources