Free OWASP Top 10 CBT

Language agnostic. Complete at your own pace.
Real exploit concepts around web application threats, vulnerabilities & strategies to mitigate them.

At your own pace, 1 hour narration

Intermediate Level

C/C++ Developers

CBT Training Available

Course Overview

Students will gain valuable insight into developing secure C/C++ applications.

This class will prepare students to develop secure applications in C or C++. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge the effectiveness of secure coding practices. Students completing this class will find their secure coding abilities materially sharpened.

The course focuses on learning by demonstration. Throughout the course, vulnerability categories are explained, followed by real-world examples from popular applications. Risk is analyzed, and defense techniques are identified for each vulnerability presented.

Course Outline

1. Introduction

  • What is information security?
  • What is software security?
  • Terms
  • Software security trends
  • Security ROI
  • Learning objectives
  • What is a vulnerability?

2. Memory Organization

  • Memory space layout
    • Environment
    • Argument
    • Stack
    • Function call examples
    • Heap
    • .bss / .data / .text

3. Pointers

  • Pointer arithmetic
  • Bad pointer arithmetic examples
    • Loop
    • Off by one
    • Excessive increment
  • Vulnerability prevention

4. Buffer Overflows

  • Buffer overflow examples
    • Data manipulation
    • Escalation of privileges
    • Denial of service
    • Arbitrary code execution
    • Step-by-step demo
  • Buffer overflow impact and causes
  • Buffer overflow prevention

5. Format Strings

  • Printf examples
  • Conversion specifiers
  • Format string vulnerability examples
  • Format string causes
  • Format string defense

6. System Calls

  • System call examples
  • Performance problems
  • Reliability problems
  • Security problems
  • Techniques for preventing system call issues

Download Datasheet

Security Compass training courses are offered using a variety of delivery methods. Download the data sheet to learn more.

Public Classes

Security Compass offers this course as a public class. Contact us for a schedule of all our upcoming public training classes.