C++ Secure Coding

C/C++ still drive most of the applications that power our computing The C++ Secure Coding training course is designed to introduce programmers to the vulnerabilities that creep into these applications and how to defend against them. The course will start by exploring how security relates to applications and then jumps right into imagining what can go wrong at any point during the program execution. These issues are addressed by exploring common coding vulnerabilities that occur during software development, that the programmer may or may not be aware of. Exploring the results of vulnerabilities and protecting against them is reinforced by the hands-on labs. Specific issues surrounding cryptography, client authentication, and overflow conditions will be addressed. How the application of object-oriented design principles, the CERT, and security design principles are addressed, as well as how the computer architecture and operating system architecture help and sometimes fail to protect applications.

Course Summary

Purpose: 
Programmers will have an understanding of how to develop secure code, adapt existing code to be more secure, and address CERT coding standards in C++ where required.
Audience: 
Experienced C++ programmers looking to learn how to write secure code
Skill Level: 
Learning Style: 

Workshops are instructor-led lab-intensives focused on the practical application of technologies through the facilitation of a project-related lab. Workshops are just the opposite of Seminars. They deliver the highest level of knowledge transfer of any format. Think wide (breadth) and deep (depth).

Workshop help
Duration: 
2 Days
Productivity Objectives: 
  • Describe the design and coding of secure applications using C++
  • Address the common coding vulnerabilities in the C++ environment
  • Imagine what can go wrong and know how to mitigate the issues

What You'll Learn

In the C++ Secure Coding training course you’ll learn:

  • Security
    • Types of attacks: denial of service and data mining
    • Vectors of attack: network, libraries, malware
    • Defense in depth
    • Classification of security flaws
  • What Could Possibly go Wrong?
    • Always ask: what happens if this fails?
    • What happens if the application crashes?
    • What happens if an exception is thrown?
    • Network problems?
    • Operating system crashes?
    • Protections failure (firewall, physical security, etc)
    • What about programs launched from the application?
    • Where does the application fail to?
    • Fail securely
  • Coding Vulnerabilities
    • Input validation: XML injection, SQL injection, path traversal, log forging
    • Race Conditions: time-of-check to time-of-use. memory corruption
    • Time and state
    • Variable parameters
    • Error and exception handling
    • Automatic and controlled data conversions
    • Memory locking, threads, and semaphores
    • File Handling
  • Cryptography
    • Symmetric-key
    • Asymmetric-key
    • Hashing
    • The dependency of randomization
    • Password and key management
    • Passwords and keys in memory
  • Client Authentication
    • Web – basic
    • Web – digest
    • Biometrics
    • Cryptographic
    • Two-factor authentication
  • Data Overflow
    • Buffer overflow
    • Array indexing
    • Stack overflow & Stack smashing
    • Overflow and index on the heap and the stack
  • Security Design Principles
    • Fail-safes
    • Mediation: did the data change since last checked?
    • Separation of privileges
    • Least privilege
    • Psychological Acceptability
  • CERT and Design Principles
    • CERT C++ coding standards
    • Addressing CERT requirements
    • Object-oriented design principles and design patterns
    • Testing, unit testing, and test-driven-development
  • Intel Architecture
    • Processors, registers, memory
    • Function calling conventions
    • Stack frame & non-executable (NX) memory areas
    • Recursion
    • Address space layout randomization
  • Third-Party Code
    • Any code that is not your own, including other internal groups
    • Package management
    • Vetting third-party code: source, reverse compilers
    • Monitoring network connections

Get Custom Training Quote

We'll work with you to design a custom C++ Secure Coding training program that meets your specific needs. A 100% guaranteed plan that works for you, your team, and your budget.

Learn More

Chat with one of our Program Managers from our Boulder, Colorado office to discuss various training options.

DevelopIntelligence has been in the technical/software development learning and training industry for nearly 20 years. We’ve provided learning solutions to more than 48,000 engineers, across 220 organizations worldwide.

About Develop Intelligence
Di Clients
Need help finding the right learning solution?   Call us: 877-629-5631