Course description
Secure Coding in C and C++
Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -2^32? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences and best practices are our blood, sweat and tears.
All this is put in the context of C and C++, and extended by core programming issues, discussing security pitfalls of these languages.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
This training is available for corporate teams and can be offered virtually to suit your company's needs. Get in touch to learn more!
Suitability - Who should attend?
Audience
C/C++ developers
Preparedness
General C/C++ development
Objective list
- Getting familiar with essential cyber security concepts
- Handling security challenges in your C and C++ code
- Identify vulnerabilities and their consequences
- Learn the security best practices in C and C++
Training Course Content
Table of contents
Day 1
- Cyber security basics
  - Consequences of insecure software
- Buffer overflow
  - Assembly basics and calling conventions
  - Memory management vulnerabilities
  - Best practices and some typical mistakes
Day 2
- Memory management hardening
  - Securing the toolchain
- Common software security weaknesses
  - Security features
  - Code quality
Day 3
- Common software security weaknesses
  - Input validation
  - Time and state
- Wrap up
  - Secure coding principles
  - And now what?
See full Table of Contents in the downloadable brochure.
Reviews
Average rating 4.8
No idea what could be improved. I'll definitely check my GCC command line arguments, but I got some other things I need to write on a post-it and stick to my screen.
Good approach, from big picture to the core problems and to-do's. Good explained examples. My next priority? Checking inputs.
Three things I am taking away from this outstanding class: 1. take time for reflection/summarizing, 2. check out our code for vulnerabilities, 3. discuss what to do next short t...