Identifying Security Vulnerabilities in C/C++Programming from Coursera

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

What's inside

Syllabus

Users, Privileges, and Environment Variables

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

Validation and Verification, Buffer and Numeric Overflows, and Input Injections

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

Files, Subprocesses, and Race Conditions

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

Randomness, Cryptography, and Other Topics

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Teaches methods to secure C++ programming code

Explores common errors in C++ programming and techniques to avoid them

Emphasizes validation and verification to prevent security vulnerabilities

Covers cryptography, randomness, and string attacks

Suitable for learners with foundational knowledge in secure coding practices

Prerequisites include knowledge of C++ and secure coding practices

Reviews summary

Security vulnerabilities in c/c++: conceptual overview

learners say this course provides conceptual information about security vulnerabilities in C/C++ programming. While some students say that the course is good and well-presented, others say that the examples provided are too small, and the instructor sometimes assumes programming knowledge that not all students have. Overall, students say this course provides a basic overview of security vulnerabilities but could be improved with more practical content and examples.

Good information on security vulnerabilities.

"Good course with well presented information and good info on topics related to multi-threaded processing vulnerabilities, environment variables, file systems, cryptography, public/private key sharing, input injection, buffer overflows, validation, and permissions (all dealt with via a Linux backdrop)."

Instructor sometimes assumes programming knowledge that not all students have.

"they dont provide code or example codes..... while he mentioned some functions you might need to avoid or you can use instead , it gives you the feeling there might be more to it."

"there isn't a cheat sheet provided and I would love to see some sort of summary where you could always refer to the juice stuff to review instead of reading the whole video transcript."

"While its not really necessary to be a programmer its might be addressed to these, its all conceptual , and most of the time the professor assumes you know how to do things"

Could be improved with better examples and deep dives into various scenarios for each topic.

"the coding examples were usually small and not particularly practical."

"This course would be greatly improved with better examples and deep dives into various scenarios for each topic."

More practical examples and less conceptual info needed.

"Need more programtic way"

"Practical demos could have added more fun to this course."

"This course has very minimal code."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Identifying Security Vulnerabilities in C/C++Programming with these activities:

Review C++ programming concepts

Show steps

Refreshing C++ fundamentals will provide a solid foundation for the course.

Browse courses on C++

Show steps

Review basic syntax, data types, and control flow.
Practice writing simple C++ programs.

Read "Secure Coding: Principles and Practices"

Show steps

This book provides a comprehensive overview of secure coding principles and best practices.

View The Art of Software Security Assessment on Amazon

Show steps

Read each chapter thoroughly.
Take notes and highlight important concepts.
Complete the exercises and review the solutions.

Watch tutorials on input sanitization

Show steps

Following tutorials will provide additional guidance on preventing input-based vulnerabilities.

Browse courses on Validation

Show steps

Search for reputable tutorials on input sanitization.
Watch the tutorials and take notes on key techniques.
Apply the techniques in your own code.

Four other activities

Expand to see all activities and additional details

Show all seven activities

Practice buffer and numeric overflow examples

Show steps

Practicing examples will help solidify your understanding of these vulnerabilities.

Browse courses on Buffer Overflows

Show steps

Review the examples provided in the course materials.
Implement example problems on your own without looking at solutions.
Compare your solutions to provided answers to identify any errors.

Create a program that validates inputs

Show steps

Creating a program will provide hands-on experience in implementing validation techniques.

Browse courses on Validation

Show steps

Design the program's input and output.
Implement input validation to ensure correct data types and values.
Test the program with various inputs to verify its functionality.

Analyze cryptography algorithms

Show steps

Analyzing algorithms will deepen your understanding of their strengths and weaknesses.

Browse courses on Cryptography

Show steps

Choose several cryptography algorithms to analyze.
Implement each algorithm in a programming language.
Test the algorithms with various inputs to compare their performance.
Research the theoretical and practical aspects of the algorithms.

Contribute to a cryptography library

Show steps

Contributing to open source will provide practical experience in implementing cryptography techniques.

Browse courses on Cryptography

Show steps

Identify a suitable cryptography library to contribute to.
Review the library's documentation and codebase.
Identify a specific area to contribute to, such as adding a new algorithm or improving existing code.
Implement your contribution and submit a pull request.
Collaborate with other developers to improve the library.

Career center

Learners who complete Identifying Security Vulnerabilities in C/C++Programming will develop knowledge and skills that may be useful to these careers:

Information Security Analyst

As an Information Security Analyst, you will be responsible for identifying, analyzing, and mitigating security risks to an organization's computer systems and networks. This course will improve your effectiveness in this role by helping you to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Information Security Analyst

Penetration Tester

Penetration Testers assess the security of computer systems and networks by attempting to exploit vulnerabilities. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.

See salaries and explore the career path for Penetration Tester

Malware Analyst

Malware Analysts investigate and analyze malware. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.

See salaries and explore the career path for Malware Analyst

Security Architect

Security Architects design, implement, and manage an organization's security infrastructure. By taking this course, you can learn how to identify and remediate security vulnerabilities in C++ code, which will make you a more competitive candidate for this role.

See salaries and explore the career path for Security Architect

Security Engineer

Security Engineers design, implement, and maintain security systems. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.

See salaries and explore the career path for Security Engineer

Security Consultant

Security Consultants provide advice and guidance to organizations on how to improve their security posture. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.

See salaries and explore the career path for Security Consultant

Security Analyst

Security Analysts investigate and analyze security incidents. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.

See salaries and explore the career path for Security Analyst

Software Engineer

Software Engineers are responsible for the design, development, and maintenance of software systems. This course covers several topics that are relevant to this role such as identifying and remediating security vulnerabilities, validation and verification, and randomness.

See salaries and explore the career path for Software Engineer

Systems Administrator

Systems Administrators are responsible for the maintenance and security of computer systems. This course will help you to identify and remediate security vulnerabilities in C++ code, a valuable skill for this role.

See salaries and explore the career path for Systems Administrator

Web Developer

Web Developers design, create, and maintain websites. In this field, it is important to pay attention to security as there are many ways to leave a user vulnerable, which this course addresses by teaching you how to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Web Developer

Chief Information Security Officer

You will play a leading role in the development and implementation of security programs to safeguard the organization's data and systems. This course can help set you on the path to this position as you will learn how to identify and remediate security vulnerabilities, skills that are in high demand for CISOs.

See salaries and explore the career path for Chief Information Security Officer

Database Administrator

Database Administrators are responsible for the maintenance and security of databases. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Database Administrator

Network Administrator

Network Administrators are responsible for the maintenance and security of computer networks. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Network Administrator

Software Developer

Software Developers create and maintain software applications. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Software Developer

Cybersecurity Engineer

Your day-to-day work will include designing, implementing, and maintaining security systems to protect an organization's networks and data. This course may be helpful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.

See salaries and explore the career path for Cybersecurity Engineer