Embedded/Connected Device Secure Coding. 4-Day Course Syllabus

Similar documents
C and C++ Secure Coding 4-day course. Syllabus

.NET Secure Coding for Client-Server Applications 4-Day hands on Course. Course Syllabus

Course 834 EC-Council Certified Secure Programmer Java (ECSP)

Implementing Cisco Network Security (IINS) 3.0

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Connecting Securely to the Cloud

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

CSWAE Certified Secure Web Application Engineer

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

COURSE OUTCOMES OF M.Sc(IT)

CIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:

C Programming. Course Outline. C Programming. Code: MBD101. Duration: 10 Hours. Prerequisites:

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Textbook Charles Petzold, Programming Windows, 5th edition, Microsoft Press. References - other textbooks or materials none

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Ethical Hacker Foundation and Security Analysts Course Semester 2

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012

The Android security jungle: pitfalls, threats and survival tips. Scott

Buffer Overflow Defenses

20486-Developing ASP.NET MVC 4 Web Applications

Secure Coding in C and C++

Securing IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region

Engineering Your Software For Attack

Certified Ethical Hacker (CEH)

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Trustzone Security IP for IoT

Information Security: Principles and Practice Second Edition. Mark Stamp

Computer Security Course. Midterm Review

Application. Security. on line training. Academy. by Appsec Labs

T Hands-on 2. User-mode debuggers OllyDbg

Certified Secure Web Application Engineer

Buffer overflow background

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Here to take you beyond. ECEP Course syllabus. Emertxe Information Technologies ECEP course syllabus

A Developer's Guide to Security on Cortex-M based MCUs

Ethical Hacking and Prevention

Securing Applications in C/C++

COMPUTER NETWORK SECURITY

MBFuzzer - MITM Fuzzing for Mobile Applications

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Managed. Code Rootkits. Hooking. into Runtime. Environments. Erez Metula ELSEVIER. Syngress is an imprint of Elsevier SYNGRESS

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

TRAINING CURRICULUM 2017 Q2

PostScript: Danger Ahead?!

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

Verification & Validation of Open Source

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

Active Systems Management

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1

Black Hat Webcast Series. C/C++ AppSec in 2014

Implementing Secure Software Systems on ARMv8-M Microcontrollers

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez

Renesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development

Advanced Diploma on Information Security

NUC505 ICP Programming Tool User Guide

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

CSE Traditional Operating Systems deal with typical system software designed to be:

Hunting Security Bugs

CS System Security 2nd-Half Semester Review

2779 : Implementing a Microsoft SQL Server 2005 Database

Tennessee. Business Technology Course Code Web Design Essentials. HTML Essentials, Second Edition 2010

Evaluating the Security Risks of Static vs. Dynamic Websites


Course 831 Certified Ethical Hacker v9

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Training Program Catalog SECURITY INNOVATION

Computer Systems A Programmer s Perspective 1 (Beta Draft)

BLACK HAT USA 2013 ADD A CLASS REQUEST FORM INSTRUCTIONS

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma

Evilsploit A Universal Hardware Hacking Toolkit. By, Chui Yew Leong, Wan Ming Ming

PostScript: Danger Ahead?!

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Black Box Debugging of Embedded Systems

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

"Charting the Course to Your Success!" MOC A Developing High-performance Applications using Microsoft Windows HPC Server 2008

Sample Exam IT-Security Foundation

EC-Council V9 Exam

Cloud FastPath: Highly Secure Data Transfer

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

Agenda. Security and Standard C Libraries. Martyn Lovell Visual C++ Libraries Microsoft Corporation

Certified Ethical Hacker

Department of Computer & Information Sciences. CSCI-342: Introduction to Information Security Syllabus

Developing ASP.NET MVC 4 Web Applications

When Hardware Attacks. Marc Witteman

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.

CS 571 Operating Systems. Midterm Review. Angelos Stavrou, George Mason University

Introduction to Computer Systems

typedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }

Virtual File System -Uniform interface for the OS to see different file systems.

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Software Development Fundamentals (SDF)

Having learned basics of computer security and data security, in this section, you will learn how to develop secure systems.

The GenCyber Program. By Chris Ralph

T he key to building a presence in a new market

Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Transcription:

Embedded/Connected Device Secure Coding 4-Day Course Syllabus

Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course shows you how to identify security flaws & implement security countermeasures in different areas of the software development lifecycle and apply these skills to improve the overall quality of the products and applications. Using sound programming techniques and best practices, in addition to understanding and practicing the capabilities of the potential hacker, as shown in this course, you can produce high-quality code that stands up to attacks. The course covers major security principles in C/C++, software, and hardware vulnerabilities caused be unsecure coding and practices. The course also cover common tools and techniques used against embedded/connected devices. The objectives of the course are to acquaint students with security concepts and terminology, and to provide them with a solid foundation for developing software using the best practices in C/C++. By course completion, students should be proficient in secure programming and have learnt the basics of security analysis and design. Students should then be able to develop, design and maintain a secure product, using security methods and techniques for the C/C++ language and in the IoT world. Target audience Members of the software development team: C / C++ Developers Designers & Architects Prerequisites Before attending this course, students should be familiar with: C/C++ language Background in memory management Background in OS mechanisms

Day 1 Information gathering Course topics Device Unpacking PCB Analysis Data Sheets FCC Serial and Connections Identifying Inputs Bus Pirate GoodFET Getting Console/Shell Debug Using Logic Analyzer Signal Monitoring Digital Decoding JTAG Overview Jtagulator OpenOCD JTAG Debugging Availability Application/OS crash CPU/Memory starvation Resource starvation Triggering high network bandwidth User level DOS Concurrency & Race conditions Race window/objects Mutual Exclusion Deadlock Time of Check/Time of Use (TOCTOU) Files as Locks and temporary files Symbolic link attacks Using atomic operations

Day 2 Buffer Overflows and Code Injections Stack Overflows attacks Heap overflows attacks Array indexing attacks Format strings attacks Secure vs. Insecure API s Stack guards Compiler checks Better ways to manipulate strings and buffers Integer Overflows Integer / Double overflows Integer conversion rules Signed and unsigned problems Safe integer usage Enforcing limits on integer values Preventing lost or misinterpreted data due to conversion Using secure integer libraries Safe API Banned APIs Real-World Risks Using safe API s The n Functions Detecting Dangerous APIs Alternatives StrSafe Secure Memory Usage Secure memory handling Erasing Data Secure pointer usage Memory Dumps Use smart pointers for resource management Ensure pointer arithmetic Avoid null pointer dereferencing Ensure sensitive data is not paged to disk

Day 3 Network Security Network attacks Insecure Services Application Layer Threats and attacks Traffic sniffing Traffic manipulations Man-in-the-Middle Avoiding Server Socket Hijacking Firewall Friendly application Cryptography Introduction to cryptography Symmetric encryption Asymmetric encryption ECC Transport Level encryption Storage Level encryption The problem with Crypto in IoT Lightweight cryptography Secure Coding Tips Prefer Streams to C-Style Input and Output Avoid defining macros Do not ignore values returned by functions or methods Secure defaults and initializations Security principles Hardcoded secrets Static Code Tools Integrating security into the development lifecycle

Day 4 Flash & Chip Manipulations Using a Device Programmer Connecting using SPI and I2C In-circuit Connection Pulling off the Chip Dumping the Content of a Chip Patching Flash Content Uploading a Modified Binary to Chip Firmware Analysis Getting the Device Firmware binwalk Reversing the Binary with IDA Patching Bypassing Limitations Uploading Modified Firmware Anti-Reversing Eliminate symbolic info Obfuscate the program Code Encryption Use anti-debugger tricks Code Checksums Confusing a Disassembler Inlining and Outlining sensitive code Interleaving Code

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback