Type: Paid
1601 Broadway, New York, NY 10019 B2 May 09, 2018 TRAINING 10:00 AM - 04:00 PM

Secure Coding Training in C and C++ provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. We teach developers to identify common security flaws including:

  • Buffer overflows
  • Integer overflow
  • Dangerous compiler optimizations
  • Race conditions
  • Memory management errors
  • Logical errors
  • Invalid assumptions

For each of these security flaws, we demonstrate specific remediation techniques as well as general secure coding practices that help prevent the introduction of vulnerabilities. This course will be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Learning Objectives

Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid and detect dangerous compiler optimizations
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

Prerequisites

The course assumes basic C and C++ programming skills, but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Coding Standard, Second Edition.

Required Equipment

Students must bring a personal computer equipped with the following:

  • 4GB or greater of free hard disk space
  • USB port
  • Adobe Reader
  • Oracle VM VirtualBox
  • A Zip decompression utility, such as WinZip or 7-zip

Students are also encouraged to bring their own C and C++ programming language development environments (compiler, editor, etc.), such as Microsoft Visual Studio, Xcode, GCC, or Clang.

Materials Provided

Participants will also receive course and reference materials including slide PDFs. The Secure Coding in C and C++, Second Edition and The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems books authored by Robert C. Seacord and published by Addison-Wesley are recommended but not provided.

Secure Coding in C and C++
Presented by : Prof. Robert Seacord

Speakers
NCC Group
Technical Director

The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.