This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
It is recommended that participants have a basic to intermediate understanding of the C/C++/C# programming languages. Software security knowledge or experience is not required.
C and C++ Software Developers
Participants should come away from this course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to:
• improve the overall security of any C or C++ application
• thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
• avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
• eliminate integer-related problems: integer overflows, sign errors, and truncation errors
• correctly use formatted output functions without introducing format-string vulnerabilities
• avoid I/O vulnerabilities, including race conditions
• Secure Coding in C and C++
• The CERT C++ Coding Standard
• C Coding Guidelines