Writing a secure code is crucial. Because there is no direct method to handle the exception (no in-built try and catch such as in another high-level language like C#) in the C language, it becomes the responsibility of the C developer to become extra vigilant while writing code. This course begins with a detailed explanation of the overall security of any C application. Further, it provides insights on how to write better C code, particularly a secure code that prevents pitfalls commonly encountered in the C language.
This course shows you how to avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions. You will understand how to eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors.
Table of contents
Chapter 1: Introduction to C
Course Overview
Improving C Application Security
Developing Your First C Program
Identifying Common C Weaknesses
Chapter 2: Preventing Buffer Overflows, Stack-Smashing, and Return-Oriented Programming Attacks
Memory Allocation and the Stack
Buffer Overflow Vulnerabilities
Introduction to ROP
Chapter 3: Correctly Using Formatted Output Functions Without Introducing Format-String Vulnerabilities
Introduction to Format String Specifiers
Format String Vulnerabilities
Chapter 4: Securely Using Different Variable Types
Introduction to Variable Types and Typecasting
Integer Overflow Vulnerabilities
Integer Underflow Vulnerabilities
Chapter 5: Understanding Issues with Pointers
Introduction to Pointers
Potential Pointer Problems
Null Pointer Dereference
Misuse of Freed Pointers
Chapter 6: Performing Secure I/O and Avoiding File System Vulnerabilities
Managing User Input
Securely Performing I/O