Training: Secure Coding in C and C++
Abstract
Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This training provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The training concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. It does not emphasize security issues involving interactions with external systems such as databases and web servers, as these are rich topics on their own. The intent is that this training be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.
Text
Secure coding training is based on the text Secure Coding in C and C++, published by Addison-Wesley.
Importance
Software vulnerabilities are common and pervasive. As technology advances into the most remote areas of our lives, it is important to understand and learn from past coding practices. Software companies are quickly recognizing the effect that vulnerabilities have on their customers and on their own market success. Major software companies have begun to require that their software developers take courses specifically on secure coding practices.
Audience
The Secure Coding in C and C++ training should be useful to anyone involved in the development or maintenance of software in C and C++.
Agenda
The one-day tutorial consists of the following topics:
Prerequisites
The Secure Coding in C and C++ training requires a basic to intermediate understanding of the C and C++ programming languages. It does not require an understanding of application security.
Experience
This training is usually delivered by Robert C. Seacord.
Robert is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, PA. Robert is the author of Secure Coding in C and C++ (Addison-Wesley, 2005) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003) as well as more than 40 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Robert is a part-time faculty member at the University of Pittsburgh and Carnegie Mellon University, where he has taught Software Engineering.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert has also worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He is also actively involved in the JTC1/SC22/WG14 international standardization working group for the C programming language.
History
The Secure Coding in C and C++ tutorial has been presented at:
Last updated September 13, 2007