This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.



Identifying Security Vulnerabilities in C/C++Programming
This course is part of Secure Coding Practices Specialization

Instructor: Matthew Bishop, PhD
Access provided by SGCSRC
9,567 already enrolled
(80 reviews)
What you'll learn
- Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code. 
- Given a fragile C++ library, code a robust version. 
- Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++. 
- Remediate examples of problems that apply to C/C++ interactions with the programming environment. 
Skills you'll gain
Details to know

Add to your LinkedIn profile
8 assignments
See how employees at top companies are mastering in-demand skills

Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate

There are 4 modules in this course
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
What's included
17 videos4 readings2 assignments4 discussion prompts
In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
What's included
17 videos2 readings2 assignments2 discussion prompts
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
What's included
13 videos1 reading2 assignments1 discussion prompt
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
What's included
19 videos4 readings2 assignments5 discussion prompts
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.
Instructor

Offered by
Why people choose Coursera for their career




Learner reviews
80 reviews
- 5 stars72.50% 
- 4 stars16.25% 
- 3 stars10% 
- 2 stars0% 
- 1 star1.25% 
Showing 3 of 80
Reviewed on Feb 22, 2021
I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.
Reviewed on Nov 30, 2020
More code and Example would be good in this code, Example code for Discussion would be good for ideal reference
Reviewed on May 12, 2020
Practical demos could have added more fun to this course.
Explore more from Computer Science
 - Infosec 
 - University of California, Davis 
 - Infosec 
 - University of California, Santa Cruz 

