Identifying Security Vulnerabilities in C/C++Programming

This course is part of Secure Coding Practices Specialization

Instructor: Matthew Bishop, PhD

Access provided by L4G Solutions Private Limited

9,718 already enrolled

4 modules

Gain insight into a topic and learn the fundamentals.

81 reviews

Intermediate level

Some related experience required

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

81 reviews

Intermediate level

Some related experience required

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

8 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Secure Coding Practices Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

What's included

17 videos4 readings2 assignments4 discussion prompts

17 videos Total 107 minutes

Course Introduction 3 minutes
Module 1 Introduction 2 minutes
Users and Privileges Overview 7 minutes
Identifying Users and Changing Privileges 7 minutes
Spawning Subprocesses 8 minutes
Identifying Users Incorrectly 2 minutes
Establishing Users and Setting UIDs 9 minutes
Establishing Groups and GIDs 3 minutes
Establishing Privileges for Users and Groups 12 minutes
How Root Privileges Work 3 minutes
Lesson 1 Summary 2 minutes
Environment Variables Overview 3 minutes
Programming Explicitly 4 minutes
Addressing Various Attacks 17 minutes
Dynamic Loading and Associated Attacks 17 minutes
Programming Implicitly 3 minutes
The Moral of the Story 5 minutes

4 readings Total 35 minutes

A Note From UC Davis 10 minutes
Who Are You? - What is Going On? 10 minutes
Resetting the PATH - What is Going On? 10 minutes
Multiple PATH Environment Variables - What's Going On? 5 minutes

2 assignments Total 60 minutes

Module 1 Quiz 30 minutes
Module 1 Practice Quiz 30 minutes

4 discussion prompts Total 190 minutes

Learning Goals 10 minutes
Who Are You? (Suggested Activity) 60 minutes
Resetting the PATH (Suggested Activity) 60 minutes
Multiple PATH Environment Variables (Suggested Activity) 60 minutes

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

What's included

17 videos2 readings2 assignments2 discussion prompts

17 videos Total 162 minutes

Module 2 Introduction 2 minutes
Validation and Verification Overview 9 minutes
Metacharacters 11 minutes
The Heartbleed Bug and Other Exploits 21 minutes
Inputs 15 minutes
Fixes 7 minutes
Lesson 3 Summary 1 minute
Buffer Overflows Overview 3 minutes
Buffer Overflow Examples 19 minutes
Selective Buffer Overflow and Utilizing Canaries 17 minutes
Numeric Overflows Overview 7 minutes
Numeric Overflow Examples 9 minutes
Lesson 4 Summary 3 minutes
Input Injections Overview 2 minutes
Cross-Site Scripting Attacks 19 minutes
SQL Injections 11 minutes
Lesson 5 Summary 5 minutes

2 readings Total 20 minutes

Path Names - What's Going On? 10 minutes
Numeric and Buffer Overflows - What's Going On? 10 minutes

2 assignments Total 45 minutes

Module 2 Quiz 30 minutes
Module 2 Practice Quiz 15 minutes

2 discussion prompts Total 120 minutes

Path Names (Suggested Activity) 60 minutes
Numeric and Buffer Overflows (Suggested Activity) 60 minutes

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

What's included

13 videos1 reading2 assignments1 discussion prompt

13 videos Total 80 minutes

Module 3 Introduction 2 minutes
Files and Subprocesses Overview 1 minute
Creating a Child Process 5 minutes
Subprocess Environment 10 minutes
Files and Subprocesses Design Tips 5 minutes
Lesson 6 Summary 2 minutes
Race Conditions Overview 8 minutes
A Classic Race Condition Example 10 minutes
Time of Check to Time of Use 12 minutes
Programming Condition 5 minutes
Environmental Condition 7 minutes
Race Conditions 7 minutes
Linux Locks and FreeBSD System Calls 4 minutes

1 reading Total 10 minutes

The Environmental Condition - What's Going On? 10 minutes

2 assignments Total 45 minutes

Module 3 Quiz 30 minutes
Module 3 Practice Quiz 15 minutes

1 discussion prompt Total 60 minutes

The Environmental Condition (Suggested Activity) 60 minutes

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

What's included

19 videos4 readings2 assignments5 discussion prompts

19 videos Total 97 minutes

Module 4 Introduction 3 minutes
Randomness and Cryptography Overview 2 minutes
Pseudorandom vs. Random 6 minutes
Producing Random Numbers 5 minutes
Sowing Seeds 12 minutes
Cryptography Basics 4 minutes
Using Cryptography for Secrecy and Integrity 9 minutes
Some Cryptography Examples 9 minutes
Lesson 8 Summary 2 minutes
Handling Sensitive Information and Errors and Formatting Strings Overview 1 minute
All About Passwords 8 minutes
Adding a Pinch of Salt 5 minutes
Managing Sensitive Data 4 minutes
Practice a Secure Function 8 minutes
Error Handling Part 1 5 minutes
Error Handling Part 2 6 minutes
Format Strings 5 minutes
Lesson 9 Summary 2 minutes
Course Summary 1 minute