COD 812: Creating Secure Code - C/C++
Secure coding is the process of reducing the susceptibility of C/C++ code to vulnerabilities. This course gives developers an in-depth immersion into secure coding practices, with an emphasis on the security features and pitfalls of the C/C++ programming environment. It also introduces the concept of Threat Modeling, a highly regarded risk mitigation technique for secure development. To complement the knowledge and techniques presented, this course includes hands-on labs on implementing secure solutions in C/C++ and real-world examples of how to find, fix, and prevent vulnerabilities.
Upon completion of this course, participants will be able to:
- Understand the importance of application security in a business environment
- Recognize and remediate common C/C++ coding errors that lead to vulnerabilities
- Write defensive code that protects your application from common threats
- Understand the Threat Modeling process and its purpose in software development
- Understand how to interact with the operating system to further improve software security
Introduction to Software Security
This module provides an overview of the software security landscape and the benefits of integrating security into the software development lifecycle.
All applications are integrated into an operating system environment that determines many of the characteristics of the system and its security profile. This module describes security features and concerns for software security on Windows and *nix systems, and presents several secure coding principles that are operating system centric. Topics include access control, setting privileges, process creation, working with an external library, file operations and file permissions, secure socket handling, and IP spoofing.
Common Web Security Vulnerabilities
Knowing the most common vulnerabilities is the first step in preventing them from surfacing in your code. This module presents the most common vulnerabilities in web applications, their causes, and methods for remediation. Additionally, the instructor will illustrate exploits, offending code, and mitigation techniques that can be integrated into the development process.
Threat modeling is one of the most widely accepted mechanisms for creating secure code. This module introduces the threat modeling process, from information collection through risk analysis, presents details for each step, and provides practical examples. The STRIDE threat classification system and DREAD risk analysis system are demonstrated along with Threat Trees for use in threat analysis.
Secure Programming Best Practices
Disciplined coding methods are required to prevent the occurrence of vulnerabilities in your software. This module presents twelve significant defensive coding principles that, if followed correctly, will reduce the frequency and risk of vulnerabilities. Each principle is presented in detail, along with practical examples and useful advice for the design and development processes.