Kurs i Microsoft .NET 4.5 og Visual Studio 2012

Glasspaper er en komplett
kurs-leverandør for utviklere!


C/C++ secure coding

Kursavgift: kr 14 900 | Varighet: 2 dager

Beskrivelse:

The training explains in details the mechanisms underlying typical C/C++ security relevant programming bugs – the common security vulnerabilities. The root causes of the problems are explained through a number of easy-to-understand source code examples, which at the same time make clear how to find and correct these problems in practice. The real strength of the course lays in numerous hands-one exercises, which help the participants understand how easy it is to exploit these vulnerabilities by the attackers.




Målgruppe:

C/C++ developers, software architects and testers


Forkunnskaper:

Preparedness: Advanced C/C++


Innhold:

The course also gives an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Through exercises specially tailored to these mitigation techniques participants can learn how simple – and moreover cheap – it is to get rid of various security problems.

  • Common security vulnerabilities
    Buffer Overflow (BOF), stack and heap overflow; array indexing problems, the unicode bug; missing or improper input validation, integer problems, widthness bug, signedness bug, arithmetic overflow, Printf format string bug (PFS), Directory Traversal Vulnerability (DTV); improper use of security features, weak randomness, password management; error handling-related problems; race conditions, Time-of-Checking-to-Time-of-Usage (TOCTTOU) vulnerability, safe signal handling, and many more...

  • Mitigation techniques:
    Never eXecute (NX bit) access mode of Virtual Memory Management (VMM); Address Space Layout Randomization (ASLR) – PaX, ExecShield; Stack smashing protection (SSP), StackGuard, ProPolice...

  • Exercises:
    Sexploiting stack overflow – executing shell codes; applying protection techniques (stack smashing protection, non-executable stack and heap, ASLR); circumventing protections with NOP sleding, Return-to-libc attack, Return Oriented Programming (ROP); understanding integer problems; applying mitigation techniques; crafting a printf format attack string – write-what-where (WWW) possibilities; password management; problems of exception-based error handling; exploiting race conditions; and many spot- and-correct-the-bug exercises.




Epost mottat


Du er nå meldt på nyhetsbrevlisten

Epost mottat


Du er nå meldt på nyhetsbrevlisten

Mailen er sendt:

Ditt tips er registrert og sendt!
Vi håper snarlig å se deg på kurs hos oss!

Feilmelding:

OBS! Vi har problemer med å sende ditt tips!

Vi anbefaler deg å sjekke om du har skrevet inn en gyldig mailadresse.

Tips sjefen

Lyst til å delta på dette kurset, men må overbevise sjefen først?

Glasspaper har laget en tips funksjon, som gjør det enklere for deg å overbevise din sjef om at dette kurset er perfekt for deg.
Det eneste du trenger å gjøre er å fylle ut kontaktinformasjon, så sender vi relevant informasjon om kurset rett til dine utvalgte kontaktpersoner.
Bruk gjerne funksjonen til å tipse venner og kollegaer om at dette er et nyttig kurs for dem





Kontakt oss

Business Manager Development

Henning Solberg

930 90 129

henning@glasspaper.no


Glasspaper er kåret til Årets Microsoft Kurspartner 2016 - 2015 - 2014 - 2013 - 2012 - 2011 - 2010 - 2008!