- Onboard For Tech Teams
- Reduce initial time to productivity.
- Increase employee tenure.
- Plug-and-play into HR onboarding and career pathing programs.
- Customize for ad-hoc and cohort-based hiring approaches.
- Upskill For Tech Teams
- Upgrade and round out developer skills.
- Tailor to tech stack and specific project.
- Help teams, business units, centers of excellence and corporate tech universities.
- Reskill For Tech Teams
- Offer bootcamps to give employees a running start.
- Create immersive and cadenced learning journeys with guaranteed results.
- Supplement limited in-house L&D resources with all-inclusive programs to meet specific business goals.
- Design For Tech Teams
- Uplevel your existing tech learning framework.
- Extend HR efforts to provide growth opportunities within the organization.
- Prepare your team for an upcoming tech transformation.
Get your team started on a custom learning journey today!
Our Boulder, CO-based learning experts are ready to help!
Course Summary
The C++ Secure Coding training course is designed to introduce programmers to the vulnerabilities that creep into these applications and how to defend against them.
The course will start by exploring how security relates to applications and then jumps right into imagining what can go wrong at any point during the program execution. These issues are addressed by exploring common coding vulnerabilities that occur during software development, that the programmer may or may not be aware of. Next, the course explores the results of vulnerabilities, and protecting against them is reinforced by the hands-on labs. Specific issues surrounding cryptography, client authentication, and overflow conditions will be addressed. The course concludes with a lesson on how the application of object-oriented design principles, the CERT, and security design principles are addressed, as well as how the computer architecture and operating system architecture help and sometimes fail to protect applications.
- Productivity Objectives:
- Describe the design and coding of secure applications using C++
- Address the common coding vulnerabilities in the C++ environment
- Imagine what can go wrong and know how to mitigate the issues
Request Information
Get your team upskilled or reskilled today. Chat with one of our experts to create a custom training proposal. Fully customized at no additional cost.
If you are not completely satisfied with your training class, we'll give you your money back.
about our training
-
Real-World Content
Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.
-
Expert Practitioners
Industry experts with 15+ years of industry experience that bring their battle scars into the classroom.
-
Experiential Learning
More coding than lecture, coupled with architectural and design discussions.
-
Fully Customized
One-size-fits-all doesn't apply to training teams. That's where we come in!
What You'll Learn
In the C++ Secure Coding training course, you'll learn:
- Security
- Types of attacks: denial of service and data mining
- Vectors of attack: network, libraries, malware
- Defense in depth
- Classification of security flaws
- What Could Possibly Go Wrong?
- Always ask: what happens if this fails?
- What happens if the application crashes?
- What happens if an exception is thrown?
- Network problems?
- Operating system crashes?
- Protections failure (firewall, physical security, etc)
- What about programs launched from the application?
- Where does the application fail to?
- Fail securely
- Coding Vulnerabilities
- Input validation: XML injection, SQL injection, path traversal, log forging
- Race Conditions: time-of-check to time-of-use. memory corruption
- Time and state
- Variable parameters
- Error and exception handling
- Automatic and controlled data conversions
- Memory locking, threads, and semaphores
- File Handling
- Cryptography
- Symmetric-key
- Asymmetric-key
- Hashing
- The dependency of randomization
- Password and key management
- Passwords and keys in memory
- Client Authentication
- Web – basic
- Web – digest
- Biometrics
- Cryptographic
- Two-factor authentication
- Data Overflow
- Buffer overflow
- Array indexing
- Stack overflow & Stack smashing
- Overflow and index on the heap and the stack
- Security Design Principles
- Fail-safes
- Mediation: did the data change since last checked?
- Separation of privileges
- Least privilege
- Psychological Acceptability
- CERT and Design Principles
- CERT C++ coding standards
- Addressing CERT requirements
- Object-oriented design principles and design patterns
- Testing, unit testing, and test-driven-development
- Intel Architecture
- Processors, registers, memory
- Function calling conventions
- Stack frame & non-executable (NX) memory areas
- Recursion
- Address space layout randomization
- Third-Party Code
- Any code that is not your own, including other internal groups
- Package management
- Vetting third-party code: source, reverse compilers
- Monitoring network connections
Real-world content
Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.
Expert Practitioners
Industry experts that bring their battle scars into the classroom.
Experiential Learning
More coding than lecture, coupled with architectural and design discussions.
Fully Customized
One-size-fits-all doesn't apply to training teams. That's where we come in!
Elite Instructor Program
We recently launched our internal Elite Instructor Program. The community driven instructor program is designed to support instructors in transforming students’ lives by consistently showing a world-class level of engagement, ability, and teaching prowess. Reach out today to learn more about our instructors.
Customized Technical Learning Solutions to Help Attract and Retain Talented Developers
Let DI help you design solutions to onboard, upskill or reskill your software development organization. Fully customized. 100% guaranteed.
DevelopIntelligence leads technical and software development learning programs for Fortune 500 companies. We provide learning solutions for hundreds of thousands of engineers for over 250 global brands.
“I appreciated the instructor’s technique of writing live code examples rather than using fixed slide decks to present the material.”
VMwareAbout Us
LET’S DISCUSS
DevelopIntelligence has been in the technical/software development learning and training industry for nearly 20 years. We’ve provided learning solutions to more than 48,000 engineers, across 220 organizations worldwide.
Resources
Thank you for everyone who joined us this past year to hear about our proven methods of attracting and retaining tech talent.
- Boulder, Colorado Headquarters: 980 W. Dillon Road, Louisville, CO 80027
© 2013 - 2022 DevelopIntelligence LLC - Privacy Policy