When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Identifying Security Vulnerabilities in C/C++Programming

This course is part of Secure Coding Practices Specialization

Instructor: Matthew Bishop, PhD

9,799 already enrolled

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

81 reviews

Intermediate level

Some related experience required

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

81 reviews

Intermediate level

Some related experience required

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

8 assignments

Taught in English

91% of learners achieved a positive career outcome

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Secure Coding Practices Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

Module details

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

What's included

17 videos4 readings2 assignments4 discussion prompts

17 videosTotal 107 minutes

Course Introduction3 minutes
Module 1 Introduction2 minutes
Users and Privileges Overview7 minutes
Identifying Users and Changing Privileges7 minutes
Spawning Subprocesses8 minutes
Identifying Users Incorrectly2 minutes
Establishing Users and Setting UIDs9 minutes
Establishing Groups and GIDs3 minutes
Establishing Privileges for Users and Groups12 minutes
How Root Privileges Work3 minutes
Lesson 1 Summary2 minutes
Environment Variables Overview3 minutes
Programming Explicitly4 minutes
Addressing Various Attacks17 minutes
Dynamic Loading and Associated Attacks17 minutes
Programming Implicitly3 minutes
The Moral of the Story5 minutes

4 readingsTotal 35 minutes

A Note From UC Davis10 minutes
Who Are You? - What is Going On?10 minutes
Resetting the PATH - What is Going On?10 minutes
Multiple PATH Environment Variables - What's Going On?5 minutes

2 assignmentsTotal 60 minutes

Module 1 Quiz30 minutes
Module 1 Practice Quiz30 minutes

4 discussion promptsTotal 190 minutes

Learning Goals10 minutes
Who Are You? (Suggested Activity)60 minutes
Resetting the PATH (Suggested Activity)60 minutes
Multiple PATH Environment Variables (Suggested Activity)60 minutes

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

What's included

17 videos2 readings2 assignments2 discussion prompts

17 videosTotal 162 minutes

Module 2 Introduction2 minutes
Validation and Verification Overview9 minutes
Metacharacters11 minutes
The Heartbleed Bug and Other Exploits21 minutes
Inputs15 minutes
Fixes7 minutes
Lesson 3 Summary1 minute
Buffer Overflows Overview3 minutes
Buffer Overflow Examples19 minutes
Selective Buffer Overflow and Utilizing Canaries17 minutes
Numeric Overflows Overview7 minutes
Numeric Overflow Examples9 minutes
Lesson 4 Summary3 minutes
Input Injections Overview2 minutes
Cross-Site Scripting Attacks19 minutes
SQL Injections11 minutes
Lesson 5 Summary5 minutes

2 readingsTotal 20 minutes

Path Names - What's Going On?10 minutes
Numeric and Buffer Overflows - What's Going On?10 minutes

2 assignmentsTotal 45 minutes

Module 2 Quiz30 minutes
Module 2 Practice Quiz15 minutes

2 discussion promptsTotal 120 minutes

Path Names (Suggested Activity)60 minutes
Numeric and Buffer Overflows (Suggested Activity)60 minutes

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

What's included

13 videos1 reading2 assignments1 discussion prompt

13 videosTotal 80 minutes

Module 3 Introduction2 minutes
Files and Subprocesses Overview1 minute
Creating a Child Process5 minutes
Subprocess Environment10 minutes
Files and Subprocesses Design Tips5 minutes
Lesson 6 Summary2 minutes
Race Conditions Overview8 minutes
A Classic Race Condition Example10 minutes
Time of Check to Time of Use12 minutes
Programming Condition5 minutes
Environmental Condition7 minutes
Race Conditions7 minutes
Linux Locks and FreeBSD System Calls4 minutes

1 readingTotal 10 minutes

The Environmental Condition - What's Going On?10 minutes

2 assignmentsTotal 45 minutes

Module 3 Quiz30 minutes
Module 3 Practice Quiz15 minutes

1 discussion promptTotal 60 minutes

The Environmental Condition (Suggested Activity)60 minutes

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

What's included

19 videos4 readings2 assignments5 discussion prompts

19 videosTotal 97 minutes

Module 4 Introduction3 minutes
Randomness and Cryptography Overview2 minutes
Pseudorandom vs. Random6 minutes
Producing Random Numbers5 minutes
Sowing Seeds12 minutes
Cryptography Basics4 minutes
Using Cryptography for Secrecy and Integrity9 minutes
Some Cryptography Examples9 minutes
Lesson 8 Summary2 minutes
Handling Sensitive Information and Errors and Formatting Strings Overview1 minute
All About Passwords8 minutes
Adding a Pinch of Salt5 minutes
Managing Sensitive Data4 minutes
Practice a Secure Function8 minutes
Error Handling Part 15 minutes
Error Handling Part 26 minutes
Format Strings5 minutes
Lesson 9 Summary2 minutes
Course Summary1 minute