Introduction to C/C++ Secure Coding and Binary Security in Linux

Introduction

Compared to other technologies, C and C++ present unique and formidable challenges in the continuous process of writing and delivering high-quality code free from security vulnerabilities. The significant control developers have over memory management necessitates the responsibility to write code that effectively manages object lifecycles, buffers, and other aspects absent in languages with automatic memory management.

This hands-on course aims to introduce developers to the most critical mistakes encountered when writing C and C++ code and how to effectively mitigate them at both the language and operating system levels. Participants will also gain an understanding of the impact of such vulnerabilities, exploring how attackers exploit buffer overflows, integer flaws, and race conditions. The course is tailored for the Linux platform, as many attack and mitigation techniques are specific to the operating system.

Course Agenda

  • Buffer Overflows
    • Stack-based
    • Heap-based
    • Mitigation
  • Integer Security
    • Integer rules in C and C++
    • Vulnerabilities and mitigation
  • Format String Vulnerabilities
  • Linux File and I/O security
    • File attributes in Linux
    • TOCTOU vulnerabilities
    • Path resolution and dynamic library injection
    • Basics of Secure Network Programming
  • Basics of Static and Dynamic analysis and countermeasures

Ideal for

The course is technical, and the targeted participants are developers who use C and/or C++ daily but have no experience in binary security.

Prerequisites

Knowledge of Linux, C and/or C++ and their respective toolchains.
Participants should bring a laptop/notebook with a Linux installation and the standard build toolchain for Linux – gcc, gdb, as well as any IDE/tools they have preference for.

Certification

Upon successful completion, attendees will receive a certificate from ESI CEE.

Enroll today and empower yourself to build secure and resilient systems!

Request custom date here.

Skip to content