SC
Training
Defending C/C++ Applications

Defending C/C++ Applications

Related Training

Related Services

At your own pace, 1 hour narration

At your own pace, 1 hour narration

Intermediate Level

Intermediate Level

C/C++ Developers

C/C++ Developers

CBT Training Available

CBT Training Available

Course Overview

Students will gain valuable insight in to developing secure C/C++ applications.

This class will prepare students to develop secure applications in C or C++. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge effectiveness of secure coding practice. Students completing this class will find their secure coding abilities materially sharpened.

The course focuses on learning by demonstrations. Throughout the course, vulnerability categories are explained, followed by examples of real world examples in popular applications. Risk is analyzed, and defense techniques are identified for each vulnerability presented.

Course Outline

Introduction

  • What is information security?
  • What is software security?
  • Terms
  • Software security trends
  • Security ROI
  • Learning objectives
  • What is a vulnerability?

2. Memory Organization

  • Memory space layout
    • Environment
    • Argument
    • Stack
    • Function call examples
    • Heap
    • .bss / .data / .text

3. Pointers

  • Pointer arithmetic
  • Bad pointer arithmetic examples
    • Loop
    • Off by one
    • Excessive increment
  • Vulnerabilities prevention

4. Buffer Overflows

  • Buffer overflow examples
    • Data manipulation
    • Escalation of privileges
    • Denial of service
    • Arbitrary code execution
    • Step-by-step demo
  • Buffer overflow impact and causes
  • Buffer overflow prevention

5. Format Strings

  • Printf examples
  • Conversion specifiers
  • Format string vulnerabilities examples
  • Format string causes
  • Format string defense

6. System calls

  • System calls examples
  • Performance problems
  • Reliability problems
  • Security problems
  • System calls issue prevention techniques

Download Datasheet

Download Datasheet

Security Compass training courses are offered using a variety of delivery methods. Download the data sheet to learn more.

Public Classes

Security Compass offers this course as a public class. Contact us for a schedule of all our upcoming public training classes.

Free OWASP Top 10 CBT

We're offering our OWASP Top 10 course CBT online for free. Register now and take the course today.

Get Course