Identifying Security Vulnerabilities in C/C++Programming

  • 4.6
Approx. 23 hours to complete
Save Course
Go to Course

Course Summary

Learn how to identify and fix security vulnerabilities in C programming with this comprehensive course. Explore common security issues and best practices for secure coding.

Key Learning Points

  • Understand common security vulnerabilities in C programming
  • Learn best practices for secure coding
  • Explore how to identify and fix security issues in C programming

Job Positions & Salaries of people who have taken this course might have

  • Security Engineer
    • USA: $96,000
    • India: ₹1,200,000
    • Spain: €53,000
  • Software Security Analyst
    • USA: $85,000
    • India: ₹900,000
    • Spain: €42,000
  • Application Security Consultant
    • USA: $110,000
    • India: ₹1,400,000
    • Spain: €65,000

Related Topics for further study


Learning Outcomes

  • Identify and fix security vulnerabilities in C programming
  • Implement best practices for secure coding
  • Understand common security issues in C programming

Prerequisites or good to have knowledge before taking this course

  • Basic knowledge of programming in C
  • Familiarity with software security concepts

Course Difficulty Level

Intermediate

Course Format

  • Online self-paced
  • Video lectures
  • Quizzes and assignments

Similar Courses

  • Secure Coding in C and C++
  • Web Application Security

Related Education Paths


Related Books

Description

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

Knowledge

  • Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
  • Given a fragile C++ library, code a robust version.
  • Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
  • Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Outline

  • Users, Privileges, and Environment Variables
  • Course Introduction
  • Module 1 Introduction
  • Users and Privileges Overview
  • Identifying Users and Changing Privileges
  • Spawning Subprocesses
  • Identifying Users Incorrectly
  • Establishing Users and Setting UIDs
  • Establishing Groups and GIDs
  • Establishing Privileges for Users and Groups
  • How Root Privileges Work
  • Lesson 1 Summary
  • Environment Variables Overview
  • Programming Explicitly
  • Addressing Various Attacks
  • Dynamic Loading and Associated Attacks
  • Programming Implicitly
  • The Moral of the Story
  • A Note From UC Davis
  • Who Are You? - What is Going On?
  • Resetting the PATH - What is Going On?
  • Multiple PATH Environment Variables - What's Going On?
  • Module 1 Practice Quiz
  • Module 1 Quiz

  • Validation and Verification, Buffer and Numeric Overflows, and Input Injections
  • Module 2 Introduction
  • Validation and Verification Overview
  • Metacharacters
  • The Heartbleed Bug and Other Exploits
  • Inputs
  • Fixes
  • Lesson 3 Summary
  • Buffer Overflows Overview
  • Buffer Overflow Examples
  • Selective Buffer Overflow and Utilizing Canaries
  • Numeric Overflows Overview
  • Numeric Overflow Examples
  • Lesson 4 Summary
  • Input Injections Overview
  • Cross-Site Scripting Attacks
  • SQL Injections
  • Lesson 5 Summary
  • Path Names - What's Going On?
  • Numeric and Buffer Overflows - What's Going On?
  • Module 2 Practice Quiz
  • Module 2 Quiz

  • Files, Subprocesses, and Race Conditions
  • Module 3 Introduction
  • Files and Subprocesses Overview
  • Creating a Child Process
  • Subprocess Environment
  • Files and Subprocesses Design Tips
  • Lesson 6 Summary
  • Race Conditions Overview
  • A Classic Race Condition Example
  • Time of Check to Time of Use
  • Programming Condition
  • Environmental Condition
  • Race Conditions
  • Linux Locks and FreeBSD System Calls
  • The Environmental Condition - What's Going On?
  • Module 3 Practice Quiz
  • Module 3 Quiz

  • Randomness, Cryptography, and Other Topics
  • Module 4 Introduction
  • Randomness and Cryptography Overview
  • Pseudorandom vs. Random
  • Producing Random Numbers
  • Sowing Seeds
  • Cryptography Basics
  • Using Cryptography for Secrecy and Integrity
  • Some Cryptography Examples
  • Lesson 8 Summary
  • Handling Sensitive Information and Errors and Formatting Strings Overview
  • All About Passwords
  • Adding a Pinch of Salt
  • Managing Sensitive Data
  • Practice a Secure Function
  • Error Handling Part 1
  • Error Handling Part 2
  • Format Strings
  • Lesson 9 Summary
  • Course Summary
  • (Pseudo) Random Numbers - What's Going On?
  • Hashing and Cracking Passwords - What's Going On?
  • A Safe system() Function - What's Going On?
  • Converting Strings to Integers - What's Going On?
  • Module 4 Practice Quiz
  • Module 4 Quiz

Summary of User Reviews

This course on identifying security vulnerabilities in C programming has received positive reviews from many users. It provides valuable and practical knowledge on detecting and addressing security issues in C programming.

Key Aspect Users Liked About This Course

The course offers hands-on exercises and real-life examples that help users apply what they learn in real-world scenarios.

Pros from User Reviews

  • Practical and relevant content
  • Easy to follow explanations
  • Helpful exercises and examples
  • Great instructors with extensive knowledge
  • Excellent preparation for real-world scenarios

Cons from User Reviews

  • Requires prior knowledge of C programming
  • Some sections may be too technical for beginners
  • Not enough emphasis on secure coding practices
  • Some users found the course to be too short
  • Lack of interactive elements in the course

Keywords

English
Available now
Approx. 23 hours to complete
Matthew Bishop, PhD
University of California, Davis
Coursera

Instructor

Matthew Bishop, PhD

  • 4.6 Raiting

Recommended for you

Recommended for you

see more

Complete Ethical Hacking & Cyber Security Masterclass Course

  • 4.4

In this complete ethical hacking & cyber security master class course you will learn ethical hacking from scratch Or maybe you have started but you just don't know how....

Save Course

Hacking Web Applications and Penetration Testing: Fast Start

  • 4.2

Learn main aspects of Ethical Web Hacking, Penetration Testing and prevent vulnerabilities with this course | Ethical Welcome to the "Ethical Hacking Web Applications and Penetration Testing: Fast Start!"...

Save Course

Software Security

  • 4.6

This course we will explore the foundations of software security. Students not familiar with these languages but with others can improve their skills through online web tutorials....

Save Course

Identifying Security Vulnerabilities in C/C++Programming

  • 4.6

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization....

Save Course
Cancel
Add new list
0/60
0/360
Cancel
Delete list

Are you sure you want to delete this list? This action will cause all your notes inside the list to be lost

Cancel Delete
Delete Course

Are you sure you want to delete this course? This action will cause all your notes inside the course to be lost

Cancel Delete
Share
Cancel Copy
Saved Course list
Cancel
Get Course Update
Computer Courses