8409 Reviews (4.5 out of 5 stars)

C and C++ Secure Coding

Duration 3 days
Course Code SEC-126
Available Formats Classroom

Overview

Ascendient Learning's C and C++ Secure Coding training teaches developers the common security weaknesses that allow hackers to attack systems and the best practices needed to prevent these attacks. Attendees learn core programming issues of C and C++ and identify potential security pitfalls and solutions.

Note: To ensure ample one-on-one engagement with the instructor, this class is capped at 12 people, overriding Ascendient Learning’s default cap of 15.

Skills Gained

All attendees will:

  • Handle security challenges in their C and C++ code
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++

Prerequisites

All students must have C/C++ development experience.

Course Details

Training Materials

All Secure Coding training attendees receive comprehensive courseware.

Software Requirements

Attendees will not need to install any software on their computers for this class. The class will be conducted in a remote environment that Ascendient Learning will provide; students will only need a local computer with a web browser and a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will work well.

Outline

  • Cybersecurity Basics
    • What is security?
    • Threat and risk
    • Cybersecurity threat types
    • Consequences of insecure software
    • Constraints and the market
    • The dark side
  • Buffer Overflow
    • Assembly basics and calling conventions
      • x64 assembly essentials
      • Registers and addressing
      • Most common instructions
      • Calling conventions on x64
    • Memory management vulnerabilities
      • Memory management and security
      • Vulnerabilities in the real world
    • Buffer security issues
      • Buffer overflow on the stack
      • Buffer overflow on the heap
      • Pointer manipulation
      • Some typical mistakes leading to BoF
    • BoF protection best practices
      • Safe and unsafe functions
      • basic_string and std::string
      • Some less-known dangerous functions
      • Lab – Fixing buffer overflow
      • Securing the toolchain
      • Compiler options and instrumentation
      • Stack smashing protection
      • Runtime protection
      • Address Space Layout Randomization (ASLR)
      • Non-executable memory areas
  • Common Software Security Weaknesses
    • Input validation
      • Input validation principles
    • Injection
      • Injection principles
      • Injection attacks
      • Code injection
    • Integer handling problems
      • Representing signed numbers
      • Integer visualization
      • Integer overflow
      • Lab – Integer overflow
      • Signed / unsigned confusion
      • Lab – Signed / unsigned confusion
      • Integer truncation
      • Lab – Integer truncation
      • Case study – WannaCry
      • Best practices
    • Other numeric problems
      • Division by zero
      • Working with floating-point numbers
    • Files and streams
      • Path traversal
      • Path traversal-related examples
      • Lab – Path traversal
      • Link and shortcut following
      • Virtual resources
      • Path traversal best practices
    • Format string issues
      • The problem with printf()
      • Lab – Exploiting format string
  • Time and State
    • Race conditions
      • Race condition in object data members
      • File race condition
      • Potential race condition
  • Common Software Security Weaknesses
    • Security features
      • Authentication
      • Password management
    • Errors
      • Error and exception handling principles
      • Error handling
      • Exception handling
    • Code quality
      • Type mismatch
      • Lab – Type mismatch
      • Function return values
      • Unreleased resource
      • Object-oriented programming pitfalls
      • Memory and pointers
  • Wrap Up
    • Secure coding principles
      • Principles of robust programming by Matt Bishop
      • Secure design principles of Saltzer and Schroeder
    • And now what?
      • Further sources and readings
      • C and C++ resources

FAQ

Does the course schedule include a lunch break?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups and individuals, as well as private on-site training. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news is that many of our learning paths let you progress from the fundamentals to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site training at a location of your choice, and virtual delivery. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

Easy to use and exactly what I was looking for. Value for money was exceptional.

The platform is very intuitive and easy to navigate. Great tool for learning.

The tool provided to practice the course teachings is very functional and easy to use.

Fantastic and great training. Tons of hands-on labs to really make you understand the material being taught.

Brandon was a great instructor. The virtual course materials and labs provided were very informative.