Secure Coding in C and C++ Training

Secure Coding in C and C++ Training: The C and C++ programming languages are the bedrock for most operating systems, major network services, embedded systems, and system utilities. Even though C and, to a lesser extent, C++ are well-understood languages, the flexibility of the language and inconsistencies in the standard C libraries have led to an enormous number of discovered vulnerabilities over the years. The unfortunate truth is that there are probably more undiscovered vulnerabilities than there are known vulnerabilities!

This Secure Coding in C and C++ Training course will cover all of the most common programming flaws that affect C and C++ code. Each issue is described clearly with examples. Throughout the Secure Coding in C and C++ Training course students are asked to identify flaws in modern versions of common open-source software to provide hands-on experience identifying these issues in existing code. Exercises also require students to provide secure solutions to coding problems in order to demonstrate mastery of the subject.

Secure Coding in C/C++ TrainingDuration: 2 days

  • We can adapt this Secure Coding in C and C++ Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Secure Coding in C and C++ Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Secure Coding in C and C++ Training Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in C and C++ Training course in a manner understandable to lay audiences.

The target audience for this Secure Coding in C and C++ course:

  • C Programmers
  • C++ Programmers
  • Project Managers overseeing coding tasks in C or C++
  • Embedded programmers working with C or C++
  • Legacy code maintainers
  • Code auditors

The knowledge and skills that a learner must have before attending this Secure Coding in C and C++ course are:

  • Knowledge of C / C++ programming languages
  • Familiarity with memory management
  • Background in OS mechanisms
Secure Coding in C and C++ Training - OBJECTIVES

Upon completing this Secure Coding in C/C++ course, learners will be able to meet these objectives:

  • Understand basic concepts of security, IT security, and secure coding
  • Realize the severe consequences of non-secure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks, and libraries
Secure Coding in C and C++ Training - COURSE SYLLABUS

IT security and secure coding

  • Nature of security
  • IT security-related terms
  • Definition of risk
  • IT security vs. secure coding
  • From vulnerabilities to botnets and cybercrime
    • Nature of security flaws
    • Reasons of difficulty
    • From an infected computer to targeted attacks
  • Classification of security flaws
    • Landwehr’s taxonomy
    • The Fortify taxonomy
    • The Seven Pernicious Kingdoms
    • OWASP Top Ten 2013 — Landwehr’s taxonomy

Security relevant C/C++ programming bugs and flaws

  • Exploitable security flaws
  • Protection principles
    • Specific protection methods
    • Protection methods at different layers
    • The PreDeCo matrix of software security
  • x86 machine code, memory layout, stack operations
    • Main registers
    • Most important instructions
    • Flags
    • Control instructions
    • Stack handling and flow control
    • The memory address layout
    • The function calling mechanism in C/C++ on x86
    • Calling conventions
    • The local variables and the stack frame
    • Function calls
    • Prologue and epilogue of a function
    • Stack frame of nested calls
    • Stack frame of recursive functions

Buffer overflow

  • Stack overflow
    • Buffer overflow on the stack
      • Overwriting the return address
      • Exercise BOFIntro
      • Exercise BOFShellcode
    • Protection against stack overflow
      • Stack overflow – prevention (during development)
      • Stack overflow – detection (during execution)
    • Stack smashing protection
      • Stack smashing protection variants
      • Stack smashing protection in GCC
      • Exercise BOFShellcode
      • Effects of stack smashing protection
      • Bypassing stack smashing protection – an example
    • Address Space Layout Randomization (ASLR)
      • Stack randomization with ASLR
      • Using ASLR
      • Circumventing ASLR: NOP sledding
      • Exercise BOFASLR
      • Circumventing ASLR with NOP sledding
    • Non-executable memory areas – the NX bit
      • Protection through virtual memory management
      • Access control on memory segments
      • The Never eXecute (NX) bit
      • Exercise BOFShellcode – enforcing NX memory segments
      • Return-to-libc attack – circumventing the NX bit
      • Arc injection / return-to-libc attack
      • Multiple functions call with return-to-libc
    • Return oriented programming (ROP)
      • Exploiting with ROP
      • ROP gadgets
      • Combining the ROP gadgets
      • Exercise BOFROP
  • Heap overflow
    • Memory allocation managed by a doubly-linked list
    • Buffer overflow on the heap
    • Steps of freeing and joining memory blocks
    • Freeing allocated memory blocks
    • TLS Heartbeat Extension
    • Heartbleed – a simple explanation
    • Heartbleed – fix in v1.0.1g
    • Protection against heap overflow

Common coding errors and vulnerabilities

  • Input validation
    • Input validation concepts
    • Integer problems
    • Representation of negative integers
    • Integer ranges
    • Integer representation by using the two’s complement
    • The integer promotion rule in C/C++
    • Arithmetic overflow – spot the bug!
    • Exercise IntOverflow
    • So why ABS(INT_MIN)==INT_MIN?
    • Signedness bug – spot the bug!
    • Widthness integer overflow – spot the bug!
    • A case study – Android Stagefright
    • Stagefright – a quick introduction
    • Some Stagefright code examples – spot the bugs!
    • Integer problem mitigation
    • Avoiding arithmetic overflow – addition
    • Avoiding arithmetic overflow – multiplication
    • Dealing with signed/unsigned integer promotion
    • Safe integer handling in C
    • The SafeInt class for C++
    • Printf format string bug – exploitation
    • Exercise Printf
    • Printf format string exploit – overwriting the return address
    • Mitigation of print format string problem
    • Some other input validation problems
    • Array indexing – spot the bug!
    • The Unicode bug
    • Directory Traversal Vulnerability
    • Shellshock – basics of using functions in bash
    • Shellshock – vulnerability in bash
    • Exercise – Shellshock
    • Shellshock fix and counterattacks
    • Exercise – command override with environment variables
    • Improper use of security features
    • Problems related to the use of security features
    • Insecure randomness
    • Week PRNGs in C
    • Stronger PRNGs in C and Linux
    • Hardware-based RNGs
    • Password management
    • Exercise – Google cracking
    • Password management and storage
    • Special purpose hash algorithms for password storage
    • BDKDF2 and bcrypt implementations in C/C++
    • Some other typical password management problems
  • Improper error and exception handling
    • Typical problems with error and exception handling
    • Empty catch block
    • Overly broad catch
    • Exercise ErrorHandling – spot the bug!
  • Time and state problems
    • Time and state-related problems
    • Serialization errors (TOCTTOU)
    • Attacks with symbolic links
    • Exercise TOCTTOU
  • Code quality problems
    • Dangers arising from poor code quality
    • Poor code quality – spot the bug!
    • Unreleased resources
    • Type mismatch – spot the bug!
    • Exercise TypeMismatch

Advice and principles

  • Matt Bishop’s principles of robust programming
  • The security principles of Saltzer and Schroeder

Knowledge sources

  • Vulnerability databases
  • Secure coding sources – a starter kit
Secure Coding in C and C++ Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: