C and C++ secure coding (ARM)
Description
To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Realize the severe consequences of unsecure buffer handling
- Understand the architectural protection techniques and their weaknesses
- Have a practical understanding of cryptography
- Learn about XML security
- Learn about typical coding mistakes and how to avoid them
- Be informed about recent vulnerabilities in various platforms, frameworks and libraries
- Learn about denial of service attacks and protections
- Get sources and further readings on secure coding practices
Outline
- IT security and secure coding
- ARM machine code, memory layout and stack operations
- Buffer overflow
- Practical cryptography
- XML security
- Common coding errors and vulnerabilities
- Denial of service
- Principles of security and secure coding
- Knowledge sources
Course information
Preparedness
General C/C++ development
Exercises
Hands-on
Delivery methods
Onsite / Virtual classroom
Course reviews
Related courses
Bundle deal
Now Scademy offers a special course package. The AVATAO bundle deal is a value offer, for those who wish to practice what they have learned during the course. For an extra price, you will have access to a yearly AVATAO subscription. This online platform has over 500 secure coding challenges in various coding languages. Fore more information check AVATAO's website: avatao.com
Course registration
Table of contents
- Day 1
- Day 2
- Day 3
- IT security and secure coding
- Security Introduction
- Nature of security
- What is risk?
- IT security vs. secure coding
- Nature of security
- IT security and secure coding - From vulnerabilities to botnets and cybercrime
- Nature of security flaws
- From an infected computer to targeted attacks
- Nature of security flaws
- Classification of security flaws
- Classification of security flaws
- Landwehr's taxonomy
- The Seven Pernicious Kingdoms 1/2
- The Seven Pernicious Kingdoms 2/2
- Classification of security flaws
- Security Introduction
- ARM machine code, memory layout and stack operations
- ARM Processors
- ARM Processors - main registers
- ARM Processors - most important instructions
- ARM Processors - flags and condition fields
- ARM Processors - flags and condition fields
- ARM Processors - control instructions
- ARM Processors - stack handling instructions
- Understanding complex ARM instructions
- ARM Processors - main registers
- The function calling mechanism in ARM
- The local variables and the stack frame
- Function calls – prologue and epilogue of a function (ARM)
- Stack frame of nested calls
- Stack frame of recursive functions
- ARM Processors
- Buffer overflow
- Buffer overflow intro
- Buffer overflow intro
- Buffer overflow intro
- Stack overflow
- Buffer overflow on the stack
- Overwriting the return address
- Buffer overflow on the stack
- Buffer overflow intro
- Exercise: Cloud VM Intro
- Introduction
- Lab Guide
- Introduction
- Exercise: Cloud VM Intro
- Introduction
- Introduction
- Tools - 1/2
- Tools - 2/2
- Introduction to gdb
- Introduction to gdb 1/2
- Introduction to gdb
- Introduction to gdb
- QEMU
- Intro exercise
- Exercise: BOFIntro
- BOFIntro
- BOFIntro
- BOFIntro - determine the stack layout
- BOFIntro - a simple exploit
- BOFIntro
- BOFShellcode
- Exploiting stack overflow - injecting malicious code
- BOFShellcode
- Exploiting stack overflow - injecting malicious code
- Exercise: BOFShellcode
- BOFShellcode
- BOFShellcode
- BOFShellcode
- BOFShellcode
- BOFShellcode
- BOFShellcode
- Buffer Overflow in Rust
- Buffer Overflows in Rust
- Compile time checks
- Runtime checks
- Buffer Overflows in Rust
- Buffer Overflow in Rust
- Protection against stack overflow
- Specific protection methods
- Protection methods at different layers
- The protection matrix of software security
- Specific protection methods
- Stack overflow - Prevention (during development)
- Stack overflow - Prevention (during development)
- Stack overflow - Prevention (during development)
- Stack overflow - Prevention (during development)
- std::string
- The protection matrix of software security
- Stack overflow - Detection (during execution)
- Fortify compiler option
- Fortify compiler option (FORTIFY_SOURCE)
- Fortify compiler option (FORTIFY_SOURCE)
- Exercise: BOFShellcode Using the Fortify compiler option
- BOFShellcode Using the Fortify compiler option
- BOFShellcode Using the Fortify compiler option
- Stack smashing protection
- Stack smashing protection variants
- Stack smashing protection variants
- Stack smashing protection variants
- Exercise: BOFShellcode Stack smashing protection
- BOFShellcode Stack smashing protection
- Stack smashing protection
- BOFShellcode Stack smashing protection
- Effects of stack smashing protection - prologue
- Effects of stack smashing protection - epilogue
- Overwriting arguments - Mitigation
- Bypassing stack smashing protection - an example
- The protection matrix of software security
- Stack overflow - Anti-exploit techniques
- Stack overflow - Anti-exploit techniques
- Address Space Layout Randomization (ASLR)
- Randomization with ASLR
- Address Space Layout Randomization (ASLR)
- Software ASLR
- Practical weaknesses and limitations to ASLR
- Randomization with ASLR
- Exercise: BOFShellcode Address Space Layout Randomization
- Using ASLR - 1/2
- Using ASLR - 2/2
- Using ASLR - 1/2
- Circumventing ASLR: NOP sledding
- Non executable memory areas - The NX bit
- Access control on memory segments
- The Never eXecute (NX) bit
- Access control on memory segments
- Exercise: BOFShellcode Enforcing NX memory segments
- Enforcing non-executable memory segments
- Enforcing non-executable memory segments
- Enforcing non-executable memory segments
- Exercise: BOFShellcode Turning on all compiler protections
- BOFShellcode - Turning on all compiler protections
- BOFShellcode - Turning on all compiler protections
- Summary of Buffer Overflow protections
- Summary of compiler options
- Summary of compiler options
- The protection matrix of software security
- Summary of compiler options
- Rust compiler flags
- Compiler flags
- Compiler flags
- Unsafe
- Unsafe
- Unsafe
- Unsafe
- Buffer overflow
- Return-to-libc attack – Circumventing the NX bit protection
- Circumventing memory execution protection
- Return-to-libc attack
- Circumventing memory execution protection
- Return oriented programming (ROP)
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- Return-to-libc attack in ARM
- ROP gadget - Register fill with constants
- ROP gadget – Memory write
- Combining the ROP gadgets
- Real ROP attack scenarios
- Return oriented programming (ROP) - ROP mitigation
- Mitigation techniques of ROP attack
- Mitigation techniques of ROP attack
- Mitigation techniques of ROP attack
- Heap Overflow
- Heap Overflow
- Memory allocation managed by a doubly-linked list
- Buffer overflow on the heap
- Steps of freeing and joining memory blocks
- Freeing allocated memory blocks
- Heap Overflow
- Case study - Heartbleed
- TLS heartbeat Extension
- Heartbleed - information leakage in OpenSSL
- Heartbleed – fix in v1.0.1g
- Protection against heap overflow
- Return-to-libc attack – Circumventing the NX bit protection
- C++ examples
- Undefined and unspecified behavior
- Undefined behavior
- Unspecified behavior
- Unspecified behavior
- Undefined behavior
- Undefined Behavior
- Smart Pointers
- RAII
- Smart Pointers
- Let's write our own RAII wrapper
- Let's write our own RAII wrapper
- RAII wrapper
- Smart pointers – exclusive ownership
- Smart pointers
- std::make_unique
(...) - Smart Pointers
- Shared ownership
- std::shared_ptr's control block
- RAII
- Exercise: Smart Pointersstd::shared_ptr internals
- std::shared_ptr internals
- std::shared_ptr internals
- std::shared_ptr internals
- std::shared_ptr internals
- std::shared_ptr internals
- std::shared_ptr
- std::shared_ptr
- Borrow checker to avoid pointer “hell”
- RAII in Rust
- RAII example explained
- Smart Pointer - What is worse than leaking the memory?
- Leaking memory
- Fixed
- Leaking memory
- Fixed
- Leaking memory
- Fixed
- Related smart pointers
- Summary
- Leaking memory
- Object lifetime management
- Manually managing object lifetime
- Object lifetime management
- Object lifetime management
- Manually managing object lifetime
- Exercise: Object lifetime managamentManual Lifetime management
- Manual Lifetime management
- Manual Lifetime management
- Manual Lifetime management
- Summary
- Container Iteration
- Vector basics
- Container Iteration
- Vector basics
- Exercise: Container Iteration
- Container Iteration
- Container Iteration
- Summary
- Container Iteration
- Random Number Generators - How can you generate random numbers?
- Generating random numbers
- Generating random numbers
- Random Number Generators - What happens if the random number is weak or not strong enough?
- PlayStation 3
- Java nonce collision
- Microsoft Windows 2000/XP random number generator
- PlayStation 3
- Random Number Generators - Pseudorandom Number Generators (PRNG)
- PRNGs in a nutshell
- Random number engines
- PRNGs 1
- PRNGs 2
- PRNGs in a nutshell
- Exercise: Random Number Generators - Lottery Application
- Lottery Application 1
- Lottery Application 2
- Summary
- Lottery Application 1
- Undefined and unspecified behavior
- XML security
- XML injection
- Injection principles
- XML injection
- XML injection
- XML injection
- Injection principles
- Exercise: XML injection
- XML injection
- XML injection
- XML injection
- Protection through sanitization and XML validation
- XML parsing in C++
- XML injection - Abusing XML Entity
- XML Entity Introduction
- XML Entity Introduction
- XML bomb
- XML bomb
- XML bomb
- XML external entity attack (XXE) - resource inclusion
- Exercise: XXE attack
- XXE attack
- Preventing entity-related attacks
- XXE attack
- Case study - XXE in Google Toolbar
- Case study - XXE in Google Toolbar
- Case study - XXE in Google Toolbar
- Case study - XXE in Google Toolbar
- Common coding errors and vulnerabilities
- Improper error and exception handling
- Typical problems with error and exception handling
- Empty catch block
- Overly broad catch
- ErrorHandling
- Typical problems with error and exception handling
- Exercise: Error handling
- ErrorHandling
- ErrorHandling - Correct implementation
- ErrorHandling
- Code quality problems
- Dangers arising from poor code quaility
- Poor code quality
- Unreleased resources
- Type mismatch
- Dangers arising from poor code quaility
- Exercise: TypeMismatch
- TypeMismatch
- TypeMismatch
- Code quality problems - Memory allocation problems
- Smart pointers
- Zero length allocation
- Double free
- Mixing delete and delete[]
- Smart pointers
- Code quality problems - Use after free
- Use after free
- Use after free - Instance of a class
- Instance of a class
- Use after free - Dangling pointers
- Use after free
- Case study - WannaCry
- The WannaCry ransomware
- The WannaCry ransomware
- The vulnerability behind WannaCry
- From type mismatch to an exploitable heap overflow
- Lessons learned
- The WannaCry ransomware
- Strict ownership rules at compile time
- Strict ownership rules at compile time
- NULL pointer dereference
- NULL pointer dereference
- Improper error and exception handling
- Denial of service
- Introduction
- DoS introduction
- DoS introduction
- Asymmetric DoS
- Regular expression DoS (ReDoS)
- Regular expression DoS (ReDoS)
- Regular expression DoS (ReDoS)
- ReDoS
- ReDos in Stack Exchange
- ReDos in Stack Exchange
- ReDos in Stack Exchange
- ReDos in Stack Exchange
- Hashtable collision attack
- Using hashtables to store data
- Hashtable insert
- Hashtable insert
- Hashtable insert
- Hashtable collision
- Hashtable collision consequences
- Hashtable collision fixes
- Using hashtables to store data
- Introduction
- Common coding errors and vulnerabilities
- Input validation
- Input validation concepts
- Input validation concepts
- Input validation - Integer problems
- Representation of negative integers
- Representation of negative integers
- Integer ranges
- Integer overflow
- Integer problems in C/C++
- The integer promotion rule in C/C++
- Arithmetic overflow
- Input validation
- Arithmetic overflow - guess the output!
- IntOverflow
- IntOverflow
- What is the value of abs(INT_MIN)?
- Signedness bug
- Integer truncation
- Input validation - Integer problem - best practices
- Integer problem - best practices
- GCC trapv
- IntOverflow
- Avoiding arithmetic overflow - addition
- Avoiding arithmetic overflow - multiplication
- Dealing with signed/unsigned integer promotion in C
- Safe integer handling in C
- Safe integer handling in C++
- SafeInt example
- Integer problem - best practices
- Integer Overflow
- Integer Overflow in Rust
- Explicitly handling the overflows
- Integer Overflow in Rust
- Integer Overflow
- Case study - Android Stagefright
- Stagefright - a quick introduction
- Some Stagefright code examples
- Some Stagefright code examples
- Some Stagefright code examples
- Stagefright - a quick introduction
- Input validation - Printf format string bug
- Printf format string bug
- Printf format string bug
- Printf format string bug
- Printf format strings
- Printf format string bug - exploitation
- Exercise: Printf
- Printf
- Printf
- Printf
- Printf
- Input Validation - Printf format string problem - best practices
- Mitigation of Printf format string problem
- Printf with warnings
- Mitigation of Printf format string problem
- Print Macros in Rust
- print! macro
- print! macro
- println! macro
- Input validation - Some other input validation problems
- Array indexing
- Off-by-one and other null termination errors
- The Unicode bug
- Array indexing
- Input validation - Path traversal vulnerability
- Path traversal vulnerability
- Path traversal - weak protections
- Path traversal - best practices
- Path traversal vulnerability
- Input validation - Log forging
- Log forging
- Log forging
- Some other typical problems with log files
- Log forging
- Common coding errors and vulnerabilities - Improper use of security features
- Typical problems related to the use of security features
- Typical problems related to the use of security features
- Exercise: Weakness of hashed passwords
- Weakness of hashed passwords
- Weakness of hashed passwords
- Password management and storage
- Brute forcing
- Special purpose hash algorithms for password storage
- Password management
- Argon2 and PBKDF2 implementations in C/C++
- bcrypt and scrypt implementations in C/C++
- The Ashley Madison data breach
- The Ashley Madison data breach
- The loginkey token
- Revealing the passwords with brute forcing
- The Ashley Madison data breach
- Typical mistakes in password management
- Sensitive info in memory - minimize the attack surface
- Exercise: Hard coded passwords
- Hard coded password
- Hard coded password
- Improper use of security features - Sensitive information in memory
- Protecting secrets in memory
- Sensitive info in memory - minimize the attack surface
- Your secrets vs. dynamic memory
- Zeroisation
- Zeroisation vs. optimization
- Copies of sensitive data on disk
- Core dumps
- Disabling core dumps
- Swapping
- Memory locking - preventing swapping
- Problems with page locking
- Best practices
- Protecting secrets in memory
- Time and state problems
- Time and state related problems
- Serialization errors
- TOCTTOU examples
- Time and state related problems
- Exercise: TOCTTOU
- TOCTTOU 1/3
- TOCTTOU 1/3
- TOCTTOU 2/3
- TOCTTOU 3/3
- Best practices against TOCTTOU
- Best practices against TOCTTOU
- Best practices against TOCTTOU
- Principles of security and secure coding
- Principles of security and secure coding
- Matt Bishop's principles of robust programming
- Matt Bishop's principles of robust programming - I
- Matt Bishop's principles of robust programming - II
- The security principles of Saltzer and Schroeder
- The security principles of Saltzer and Schroeder - I
- The security principles of Saltzer and Schroeder - II
- The security principles of Saltzer and Schroeder - III
- The security principles of Saltzer and Schroeder - IV
- Matt Bishop's principles of robust programming
- Principles of security and secure coding
- Rust in the industry
- Industry Adoption - Why?
- Government & Security Agencies Support
- Industry Adoption
- Vulnerabilities still exist in Rust
- Vulnerabilities still exist in Rust
- Vulnerabilities still exist in Rust
- RUSTSEC-2024-0377
- RUSTSEC-2024-0377 - Fix
- Industry Adoption - Why?
- Knowledge sources
- Knowledge sources
- Secure coding sources - a starter kit
- Secure coding sources - a starter kit
- Vulnerability databases
- Recommended books
- Knowledge sources