C/C++ specific

Work in progress

The language specific module

Secure coding in C/C++

Developed by Marek Zachara

  • Major difference of C++ against other common technologies

  • C/C++ related code vulnerabilities

    • Buffer overflow

    • Memory management and pointers

    • String handling

    • Integer overflow

    • Multiple threads

    • Privilege management

    • Uninitialized variables

    • execve()

  • Library functions and returns

  • How to write a secure code?

  • Debugging tips & tricks

  • A look from the future (Rust, golang)

  • SEI CERT C++ Coding Standard

  • Cryptography in C/C++

Prerequisites

We assume that the developers attending this course:

  • are familiar with the C++ and with XOX;

  • understand the HTTP protocol, HTML and Javascript;

  • are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session);

  • have XOX framework and a suitable IDE installed on their laptop (labs desktop).