University of California, Davis
Identifying Security Vulnerabilities in C/C++Programming
University of California, Davis

Identifying Security Vulnerabilities in C/C++Programming

Matthew Bishop, PhD

Instructor: Matthew Bishop, PhD

Access provided by ARS SCINet/AI-COE

9,567 already enrolled

Gain insight into a topic and learn the fundamentals.
4.6

(80 reviews)

Intermediate level
Some related experience required
2 weeks to complete
at 10 hours a week
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
4.6

(80 reviews)

Intermediate level
Some related experience required
2 weeks to complete
at 10 hours a week
Flexible schedule
Learn at your own pace

What you'll learn

  • Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.

  • Given a fragile C++ library, code a robust version.

  • Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.

  • Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

8 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

 logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Secure Coding Practices Specialization
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate

There are 4 modules in this course

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

What's included

17 videos4 readings2 assignments4 discussion prompts

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

What's included

17 videos2 readings2 assignments2 discussion prompts

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

What's included

13 videos1 reading2 assignments1 discussion prompt

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

What's included

19 videos4 readings2 assignments5 discussion prompts

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

Instructor ratings
4.8 (14 ratings)
Matthew Bishop, PhD
University of California, Davis
2 Courses27,912 learners

Offered by

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

4.6

80 reviews

  • 5 stars

    72.50%

  • 4 stars

    16.25%

  • 3 stars

    10%

  • 2 stars

    0%

  • 1 star

    1.25%

Showing 3 of 80

BB
5

Reviewed on Feb 22, 2021

VP
4

Reviewed on Nov 30, 2020

RK
4

Reviewed on May 12, 2020

Explore more from Computer Science