SEC520 - Cyber Secure Coding with C++

Course Description

Short Course | 18 hours | 1.8 CEUs | $2,295

Producing secure programs requires secure designs. The best software design can lead to insecure programs if developers are unaware of the security pitfalls inherent in programming. This three-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course will cover topics and techniques for development of secure C++ programs. Topics will range the gamut from high level security and risk concepts and design strategies to low-level memory access exploitation and injection attacks. General secure development approaches applicable to any language will be discussed, but the course will also focus on C++-specific techniques and pitfalls to avoid. Topics include string management, dynamic memory management, integer security, formatted output, and file I/O. 

This course is designed for a developer or architect who is looking for an understanding of today's best practices in secure software development 

Course Outline

• Introductory Topics and Principles of Security during the entire application lifecycle 
  • Security assumptions 
  • Thinking like an attacker 
  • Security is always a trade-off: Contemplating risk 
  • Principles of complexity and self-constraint 
  • Principle of segmentation 
  • Principle of least privilege 
  • Principle of trusted/untrusted code - Failing securely 
  • Layering security 
  • Design level attacks 
  • Implementation level attacks 
  • Deployment level attacks 
• Memory Access Errors
  • Principle: Bounded data sequences 
  • Stack overflow attacks 
  • Heap overflow attacks 
  • Array indexing attacks 
  • Format string attacks 
  • Unsafe vs. safe APIs (and standard-compliance issues) 
  • C++ safer alternatives to C-style pointer buffers 
  • Runtime checks (e.g., checked STL implementation) 
• Integer Overflows
  • Compiler safeguards and static checking tools 
  • Principle: Be explicit with numeric subranges 
  • Integer and floating point overflows 
  • Two's complement and signed vs. unsigned issues 
  • The danger of implicit casting rules 
  • Safe integer libraries 
  • Compiler safeguards 
• Input Validation and Injection Attatcks
  • Principle: Data vs. code and the importance of grammars 
  • Principle: Untrusted vs. trusted data 
  • Blacklist vs. whitelist approach 
  • Dangers in data type conversions 
  • Regular expression: sometimes helpful, sometimes dangerous 
  • Parser generators 
  • Escaping/Quoting data 
  • Attack scenario: SQL injection 
• Secure File Handling
  • Principle: Input validation (carryover) 
  • Filename canonicalization (incl. directory traversal & symbolic link attacks) 
  • Principle: Least privilege & self-constraint 
  • File permissions and ACLs 
  • Danger of shared directories 
  • Timing attacks and fsync 
  • Closing files when no longer needed 
  • Chroots and other process namespace restrictions 
• Cryptography in C/C++
  • Intro to cryptography: Actors, Communication & Secrets 
  • High-level crypto pieces: ciphers, public key crypto, hashes, HMACs, KDFs & PRNGs 
  • How NOT to use cryptography! 
  • The importance of good randomness sources 
  • Vetted, widely-used crypto protocols (e.g., transport, storage, etc.) 
  • Respected crypto libraries & tools 
  • Attack scenario: Weak homebrew encryption

Duration

Applies Towards the Following Certificates

• DevSecOps for Software Engineers and Architects Boeing Certificate : Choose 60 Hours
• Product Security Certificate Anti-Tamper Resistance Track : Electives