Matthew Bishop, PhD

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

What's inside

Syllabus

Users, Privileges, and Environment Variables
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
Validation and Verification, Buffer and Numeric Overflows, and Input Injections
In this module, you will be able to break down how the process of checking inputs, known as validation and verification, works. You will be able to avoid buffer and numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
Files, Subprocesses, and Race Conditions
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
Randomness, Cryptography, and Other Topics
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

Good to know

Know what's good, what to watch for, and possible dealbreakers
Teaches methods to secure C++ programming code
Explores common errors in C++ programming and techniques to avoid them
Emphasizes validation and verification to prevent security vulnerabilities
Covers cryptography, randomness, and string attacks
Suitable for learners with foundational knowledge in secure coding practices
Prerequisites include knowledge of C++ and secure coding practices

Reviews summary

Security vulnerabilities in C/C++: conceptual overview

Learners say this course provides conceptual information about security vulnerabilities in C/C++ programming. While some students say that the course is good and well-presented, others say that the examples provided are too small, and the instructor sometimes assumes programming knowledge that not all students have. Overall, students say this course provides a basic overview of security vulnerabilities but could be improved with more practical content and examples.
Good information on security vulnerabilities.
"Good course with well presented information and good info on topics related to multi-threaded processing vulnerabilities, environment variables, file systems, cryptography, public/private key sharing, input injection, buffer overflows, validation, and permissions (all dealt with via a Linux backdrop)."
Instructor sometimes assumes programming knowledge that not all students have.
"They don't provide code or example codes... While he mentioned some functions you might need to avoid or you can use instead, it gives you the feeling there might be more to it."
"there isn't a cheat sheet provided and I would love to see some sort of summary where you could always refer to the juice stuff to review instead of reading the whole video transcript."
"While it's not really necessary to be a programmer, it might be addressed to these; it's all conceptual, and most of the time the professor assumes you know how to do things"
Could be improved with better examples and deep dives into various scenarios for each topic.
"the coding examples were usually small and not particularly practical."
"This course would be greatly improved with better examples and deep dives into various scenarios for each topic."
More practical examples and less conceptual info needed.
"Need more programmatic way"
"Practical demos could have added more fun to this course."
"This course has very minimal code."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Identifying Security Vulnerabilities in C/C++ Programming with these activities:
Review C++ programming concepts
Refreshing C++ fundamentals will provide a solid foundation for the course.
  • Review basic syntax, data types, and control flow.
  • Practice writing simple C++ programs.
Read "Secure Coding: Principles and Practices"
This book provides a comprehensive overview of secure coding principles and best practices.
  • Read each chapter thoroughly.
  • Take notes and highlight important concepts.
  • Complete the exercises and review the solutions.
Watch tutorials on input sanitization
Following tutorials will provide additional guidance on preventing input-based vulnerabilities.
  • Search for reputable tutorials on input sanitization.
  • Watch the tutorials and take notes on key techniques.
  • Apply the techniques in your own code.
Practice buffer and numeric overflow examples
Practicing examples will help solidify your understanding of these vulnerabilities.
  • Review the examples provided in the course materials.
  • Implement example problems on your own without looking at solutions.
  • Compare your solutions to provided answers to identify any errors.
Create a program that validates inputs
Creating a program will provide hands-on experience in implementing validation techniques.
  • Design the program's input and output.
  • Implement input validation to ensure correct data types and values.
  • Test the program with various inputs to verify its functionality.
Analyze cryptography algorithms
Analyzing algorithms will deepen your understanding of their strengths and weaknesses.
  • Choose several cryptography algorithms to analyze.
  • Implement each algorithm in a programming language.
  • Test the algorithms with various inputs to compare their performance.
  • Research the theoretical and practical aspects of the algorithms.
Contribute to a cryptography library
Contributing to open source will provide practical experience in implementing cryptography techniques.
  • Identify a suitable cryptography library to contribute to.
  • Review the library's documentation and codebase.
  • Identify a specific area to contribute to, such as adding a new algorithm or improving existing code.
  • Implement your contribution and submit a pull request.
  • Collaborate with other developers to improve the library.

Career center

Learners who complete Identifying Security Vulnerabilities in C/C++ Programming will develop knowledge and skills that may be useful to these careers:
Information Security Analyst
As an Information Security Analyst, you will be responsible for identifying, analyzing, and mitigating security risks to an organization's computer systems and networks. This course will improve your effectiveness in this role by helping you to identify and remediate security vulnerabilities in C++ code.
Penetration Tester
Penetration Testers assess the security of computer systems and networks by attempting to exploit vulnerabilities. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.
Malware Analyst
Malware Analysts investigate and analyze malware. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.
Security Architect
Security Architects design, implement, and manage an organization's security infrastructure. By taking this course, you can learn how to identify and remediate security vulnerabilities in C++ code, which will make you a more competitive candidate for this role.
Security Engineer
Security Engineers design, implement, and maintain security systems. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their security posture. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.
Security Analyst
Security Analysts investigate and analyze security incidents. This course will help you to develop the skills you need to be successful in this role, such as identifying and remediating security vulnerabilities in C++ code.
Software Engineer
Software Engineers are responsible for the design, development, and maintenance of software systems. This course covers several topics that are relevant to this role such as identifying and remediating security vulnerabilities, validation and verification, and randomness.
Systems Administrator
Systems Administrators are responsible for the maintenance and security of computer systems. This course will help you to identify and remediate security vulnerabilities in C++ code, a valuable skill for this role.
Web Developer
Web Developers design, create, and maintain websites. In this field, it is important to pay attention to security as there are many ways to leave a user vulnerable, which this course addresses by teaching you how to identify and remediate security vulnerabilities in C++ code.
Chief Information Security Officer
You will play a leading role in the development and implementation of security programs to safeguard the organization's data and systems. This course can help set you on the path to this position as you will learn how to identify and remediate security vulnerabilities, skills that are in high demand for CISOs.
Database Administrator
Database Administrators are responsible for the maintenance and security of databases. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.
Network Administrator
Network Administrators are responsible for the maintenance and security of computer networks. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.
Software Developer
Software Developers create and maintain software applications. This course may be useful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.
Cybersecurity Engineer
Your day-to-day work will include designing, implementing, and maintaining security systems to protect an organization's networks and data. This course may be helpful to you in this role as it will help you to identify and remediate security vulnerabilities in C++ code.

Reading list

We've selected 13 books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Identifying Security Vulnerabilities in C/C++ Programming.
Provides a detailed guide to secure programming in C and C++, serving as a valuable reference and complement to the course materials.
Provides an overview of secure coding practices in C and C++ and supplements the materials offered in this course.
Provides a comprehensive overview of security issues in C++ and offers practical solutions that align with the topics covered in this course.
Provides detailed guidance on secure coding practices in C that complement and expand on the materials covered in this course.
Provides a detailed reference of the C standard library, serving as a valuable resource for understanding the underlying mechanisms discussed in this course.
Provides insights into reverse engineering techniques, complementing the topics covered in this course and enhancing the understanding of software security.
Provides a comprehensive overview of computer security principles and practices, offering a broader context for the topics covered in this course.
Provides a comprehensive overview of modern cryptography techniques and their applications, offering additional depth on a topic relevant to this course.
Provides an in-depth guide to advanced programming techniques in the UNIX environment, enhancing the understanding of topics covered in this course.
Delves into concurrency and multithreading in C++, expanding the knowledge gained in this course and providing additional insights.
Provides a comprehensive guide to C++ templates, offering additional depth on a topic relevant to this course.

Similar courses

Here are nine courses similar to Identifying Security Vulnerabilities in C/C++ Programming.
  • Principles of Secure Coding
  • Secure Coding with C#
  • Secure Software Implementation for CSSLP®
  • Secure Coding Practices in Java Applications (Java SE 11...
  • Security for Artificial Intelligence Software and Services
  • Security and Auditing in Ethereum
  • PowerShell Functions for Security Analysis
  • Microsoft Azure DevOps Engineer: Implement a Secure and...
  • Secure Coding in Angular