Securing Applications in C/C++

Size: px

Start display at page:

Download "Securing Applications in C/C++"

Esther Hunter
5 years ago
Views:

1 Securing Applications in C/C++ Application Security Training Datasheet Security Compass Application Security Training Datasheet. Securing Applications in C/C++ 1

2 It has long been discussed that identifying and resolving software vulnerabilities at an early stage is one of the best ways to reduce the costs, and risks present in any software application. Security Compass Application Security Training Datasheet. Securing Applications in C/C++ 2

3 Intermediate Level C/C++ Developers CBT Only Securing Applications in C/C++ COURSE OVERVIEW Students will gain valuable insight in to developing secure C or C++ applications. This course will prepare students to develop secure applications in C or C++. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge effectiveness of secure coding practice. Students completing this class will find their secure coding abilities materially sharpened. The course focuses on learning by demonstrations. Throughout the course, vulnerability categories are explained, followed by examples of real world examples in popular applications. Risk is analyzed, and defense techniques are identified for each vulnerability presented. LEARNING OBJECTIVES Express the vulnerabilities and exploits facing modern applications including common weaknesses when programming with C/C++ Learn and implement defensive coding methods in C/C++ and the tools that can help support secure coding Hands-on experience in writing secure code and adding security controls into vulnerable source code examples COURSE DETAILS Audience C/C++ application developers QA Computer Based Training (CBT) Approximately 1 hour narration. All computer based training courses are SCORM-compliant consisting of Flash, HTML, JavaScript, and audio files. Security Compass Application Security Training Datasheet. Securing Applications in C/C++ 3

4 Outline, at a glance 1. Introduction What is information security? What is software security? Terms Software security trends Security ROI Learning objectives What is a vulnerability? 2. Memory Organization Memory space layout o Environment o Argument o Stack o Function call examples o Heap o.bss/.data/.text 5. Format Strings Printf examples Conversion specifiers Format string vulnerability examples Format string causes Format string defense 6. System Calls System call examples Performance problems Reliability problems Security problems System call issue prevention techniques 3. Pointers Pointer arithmetic Bad pointer arithmetic examples o Loop o Off by one o Excessive increment Vulnerabilities prevention 4. Buffer Overflows Buffer overflow examples o Data manipulation o Escalation of privileges o Denial of service o Arbitrary code execution o Step-by-step demo Buffer overflow impact and causes Buffer overflow prevention Security Compass Application Security Training Datasheet. Securing Applications in C/C++ 4

5 What can we do for you? We understand application security. We breathe it. We strive to provide you with the best training experience for your staff. Our experience helping our clients research and manage real world security risks allows us to drive our training material with the latest threats and vulnerabilities seen in every day engagements. What does that mean? It means that your staff is ready to respond to with forward thinking concepts to securing your business most sensitive applications. Here to help. Reach out to Security Compass advisors who can help. Oliver Ng Director of Training ext. 125 Sahba Kazerooni Director of Professional Services ext. 103 Security Compass Application Security Training Datasheet. Securing Applications in C/C++ 5

TRAINING CURRICULUM 2017 Q2

TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training