• Onboard For Tech Teams

    • Reduce initial time to productivity.
    • Increase employee tenure.
    • Plug-and-play into HR onboarding and career pathing programs.
    • Customize for ad-hoc and cohort-based hiring approaches.

    Learn more
  • Upskill For Tech Teams

    • Upgrade and round out developer skills.
    • Tailor to tech stack and specific project.
    • Help teams, business units, centers of excellence and corporate tech universities.

    Learn more
  • Reskill For Tech Teams

    • Offer bootcamps to give employees a running start.
    • Create immersive and cadenced learning journeys with guaranteed results.
    • Supplement limited in-house L&D resources with all-inclusive programs to meet specific business goals.

    Learn more
  • Design For Tech Teams

    • Uplevel your existing tech learning framework.
    • Extend HR efforts to provide growth opportunities within the organization.
    • Prepare your team for an upcoming tech transformation.

    Learn more

C++ Secure Coding

Get your team started on a custom learning journey today!

Our Boulder, CO-based learning experts are ready to help!

Get A Quote!

Course Summary

Home > Courses >Secure Coding Training >Secure Programming >C++ Secure Coding

The C++ Secure Coding training course is designed to introduce programmers to the vulnerabilities that creep into these applications and how to defend against them. 

The course will start by exploring how security relates to applications and then jumps right into imagining what can go wrong at any point during the program execution. These issues are addressed by exploring common coding vulnerabilities that occur during software development, that the programmer may or may not be aware of. Next, the course explores the results of vulnerabilities, and protecting against them is reinforced by the hands-on labs. Specific issues surrounding cryptography, client authentication, and overflow conditions will be addressed. The course concludes with a lesson on how the application of object-oriented design principles, the CERT, and security design principles are addressed, as well as how the computer architecture and operating system architecture help and sometimes fail to protect applications.

Purpose
Learn how to develop secure code, adapt existing code to be more secure, and address CERT coding standards in C++ where required.
Audience
Experienced C++ programmers looking to learn how to write secure code.
Role
Software Developer
Skill Level
Intermediate
Style
Targeted Topic - Workshops
Duration
2 Days
Related Technologies
Download
imgprinter
  • Productivity Objectives:
    • Describe the design and coding of secure applications using C++
    • Address the common coding vulnerabilities in the C++ environment
    • Imagine what can go wrong and know how to mitigate the issues
Learn About Virtual Training

Request Information

Get your team upskilled or reskilled today. Chat with one of our experts to create a custom training proposal. Fully customized at no additional cost.

100secure

If you are not completely satisfied with your training class, we'll give you your money back.

secure100 secure100 secure100 secure100

about our training

  • keywordicon1
    Real-World Content

    Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.

  • keywordicon2
    Expert Practitioners

    Industry experts with 15+ years of industry experience that bring their battle scars into the classroom.

  • keywordicon3
    Experiential Learning

    More coding than lecture, coupled with architectural and design discussions.

  • keywordicon4
    Fully Customized

    One-size-fits-all doesn't apply to training teams. That's where we come in!

What You'll Learn

In the C++ Secure Coding training course, you'll learn:

  • Security
    • Types of attacks: denial of service and data mining
    • Vectors of attack: network, libraries, malware
    • Defense in depth
    • Classification of security flaws
  • What Could Possibly Go Wrong?
    • Always ask: what happens if this fails?
    • What happens if the application crashes?
    • What happens if an exception is thrown?
    • Network problems?
    • Operating system crashes?
    • Protections failure (firewall, physical security, etc)
    • What about programs launched from the application?
    • Where does the application fail to?
    • Fail securely
  • Coding Vulnerabilities
    • Input validation: XML injection, SQL injection, path traversal, log forging
    • Race Conditions: time-of-check to time-of-use. memory corruption
    • Time and state
    • Variable parameters
    • Error and exception handling
    • Automatic and controlled data conversions
    • Memory locking, threads, and semaphores
    • File Handling
  • Cryptography
    • Symmetric-key
    • Asymmetric-key
    • Hashing
    • The dependency of randomization
    • Password and key management
    • Passwords and keys in memory
  • Client Authentication
    • Web – basic
    • Web – digest
    • Biometrics
    • Cryptographic
    • Two-factor authentication
  • Data Overflow
    • Buffer overflow
    • Array indexing
    • Stack overflow & Stack smashing
    • Overflow and index on the heap and the stack
  • Security Design Principles
    • Fail-safes
    • Mediation: did the data change since last checked?
    • Separation of privileges
    • Least privilege
    • Psychological Acceptability
  • CERT and Design Principles
    • CERT C++ coding standards
    • Addressing CERT requirements
    • Object-oriented design principles and design patterns
    • Testing, unit testing, and test-driven-development
  • Intel Architecture
    • Processors, registers, memory
    • Function calling conventions
    • Stack frame & non-executable (NX) memory areas
    • Recursion
    • Address space layout randomization
  • Third-Party Code
    • Any code that is not your own, including other internal groups
    • Package management
    • Vetting third-party code: source, reverse compilers
    • Monitoring network connections
Real-world content

Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.

Expert Practitioners

Industry experts that bring their battle scars into the classroom.

Experiential Learning

More coding than lecture, coupled with architectural and design discussions.

Fully Customized

One-size-fits-all doesn't apply to training teams. That's where we come in!

Elite Instructor Program

We recently launched our internal Elite Instructor Program. The community driven instructor program is designed to support instructors in transforming students’ lives by consistently showing a world-class level of engagement, ability, and teaching prowess. Reach out today to learn more about our instructors.

Customized Technical Learning Solutions to Help Attract and Retain Talented Developers

Get In Touch
Talk to one of our Learning Solution Architects today

Let DI help you design solutions to onboard, upskill or reskill your software development organization. Fully customized. 100% guaranteed.

DevelopIntelligence leads technical and software development learning programs for Fortune 500 companies. We provide learning solutions for hundreds of thousands of engineers for over 250 global brands.

99statisfaction1 Educate learners using experienced practitioners.
pularsight Proven customization process is guaranteed.
budgetnewlogo We're a strategic partner, not just another vendor.

“I appreciated the instructor’s technique of writing live code examples rather than using fixed slide decks to present the material.”

VMware
vmware View more