Defensive Coding for C/C++



Overview/Description
Defensive programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user inputs or actions. In this course, you will explore common risks to C/C++, how to defend against common attacks, the best way to deal with user input, and finally, you'll explore some best practices for creating defendable code.

Target Audience
Developers seeking an introductory guide to developing efficient, secure applications that are defendable against a variety of issues

Prerequisites
None

Expected Duration (hours)
1.6

Lesson Objectives

Defensive Coding for C/C++

  • start the course
  • list potential risks to C/C++ UI applications
  • describe what buffer overflows are and their impact
  • identify how to prevent buffer overflows
  • describe what code injection attacks are
  • describe how to mitigate injection attacks in C/C++ applications
  • identify how to prevent format string vulnerabilities in C/C++ applications
  • recognize how to prevent Dynamic Link Library or DLL hijacking in C/C++ applications
  • use exceptions in C/C++ applications
  • specify how to deal with bad data in your C/C++ applications
  • use regular expressions to help in input validation
  • recognize how to constrain user input to prevent bad data input
  • recognize how to properly interface with data in C/C++
  • demonstrate some common data validation techniques employed to create secure C/C++ applications
  • identify why casting in the C++ style is preferred to the C style
  • recognize how to properly use operator overloading in C/C++
  • identify the correct way to access internal class data
  • describe why for loops are preferred to while loops
  • recognize how to keep functions focused and concise
  • identify the best way to use references and pointers and why you should avoid raw pointers
  • describe the top secure coding practices for C/C++
  • recognize the importance of good readability for planning and maintaining code
  • use defensive coding techniques to create a secure C/C++ application

Course Number
sd_dpcc_a02_it_enus

Expertise Level
Intermediate