defdev courses
defdev courses
README
secdev courses
Java
JavaScript
Android
iOS
.NET
C/C++
Webapps in general
Testing courses
Mobile testing automation
Security test automation in CI/CD pipelines
Burp for developers
DevSecOps courses
Docker security
AWS security
Control courses
Assisted code-review lab
S-SDLC playbook
Library
Mobile security baseline
Hacking applications
Language specific
Java specific
.net/C# specific
JavaScript specific
C/C++ specific
Delivery
Main features
Agenda structure
Days and kits
Trainer formations
Course materials
Trainers
Glenn ten Cate
Marek Zachara
Péter Nyilasy
Riccardo ten Cate
Timur Khrotko
Zsombor Kovács
Powered by GitBook

C/C++ specific

Work in progress

The language specific module

Secure coding in C/C++

Developed by Marek Zachara

  • Major difference of C++ against other common technologies

  • C/C++ related code vulnerabilities

    • Buffer overflow

    • Memory management and pointers

    • String handling

    • Integer overflow

    • Multiple threads

    • Privilege management

    • Uninitialized variables

    • execve()

  • Library functions and returns

  • How to write a secure code?

  • Debugging tips & tricks

  • A look from the future (Rust, golang)

  • SEI CERT C++ Coding Standard

  • Cryptography in C/C++

Prerequisites

We assume that the developers attending this course:

  • are familiar with the C++ and with XOX;

  • understand the HTTP protocol, HTML and Javascript;

  • are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session);

  • have XOX framework and a suitable IDE installed on their laptop (labs desktop).

Previous
JavaScript specific
Next - Delivery
Main features
Last updated Mon Feb 04 2019 00:18:04 GMT+0000 (UTC)
Edit on GitHub
Contents
The language specific module
Secure coding in C/C++
Prerequisites