Winter Garden May 09, 2018 TRAINING 09:00 AM - 06:00 PM
HACK NYC 2018: Secure Coding in C and C++ (time zone: America/New_York). Contact: events@magegroupe.com

Secure Coding Training in C and C++ provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. We teach developers to identify common security flaws including:

  • Buffer overflows
  • Integer overflow
  • Dangerous compiler optimizations
  • Race conditions
  • Memory management errors
  • Logical errors
  • Invalid assumptions

For each of these security flaws, we demonstrate specific remediation techniques as well as general secure coding practices that help prevent the introduction of vulnerabilities. This course will be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Learning Objectives

Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid and detect dangerous compiler optimizations
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

Prerequisites

The course assumes basic C and C++ programming skills, but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Coding Standard, Second Edition.

Required Equipment

Students must bring a personal computer equipped with the following:

  • 4GB or greater of free hard disk space
  • USB port
  • Adobe Reader
  • Oracle VM VirtualBox
  • A Zip decompression utility, such as WinZip or 7-zip

Students are also encouraged to bring their own C and C++ programming language development environments (compiler, editor, etc.), such as Microsoft Visual Studio, Xcode, GCC, or Clang.

Materials Provided

Participants will also receive course and reference materials including slide PDFs. The Secure Coding in C and C++, Second Edition and The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems books authored by Robert C. Seacord and published by Addison-Wesley are recommended but not provided.

Secure Coding in C and C++
Presented by: Prof. Robert Seacord

Speakers
NCC Group
Technical Director
