Code Review

Course Group: 
Cyber Security

This 5 day course will look at reviewing C/C++ code for security issues. The course is heavily based around practical auditing of actual C/C++ programs. Common coding bugs will be identified in set lectures and then students will apply the theory by reviewing real programs and identifying vulnerabilities. In addition to manual code review, automated means of vulnerability discovery will be briefly discussed, including fuzz testing and static analysis.

The Learning outcomes of the course will be an improved ability to audit C code and discover vulnerabilities, an understanding of secure development, and automation techniques to secure code and identify bugs.

Who Should Attend

Course Outline

Presenter Information

Dates & Registration

Duration: 5 Days

Delivery Mode: Classroom

Locations: Canberra


What you will receive

  • Comprehensive set of course notes
  • UNSW Canberra certificate of attendance
  • Morning tea, lunch and afternoon tea

Who Should Attend?: 

This course is aimed at technical staff. It is suitable for vulnerability researchers looking to discover bugs in C/C++ software. It is equally suitable for software developers aiming to improve the security of their code.


Course Outline: 

 DAY ONE

  1. Review of the C/C++ Programming Language
  2. Vulnerability Discovery
    1. Dynamic Program Analysis
    2. Reverse Engineering
    3. Fuzz Testing
    4. Static Analysis

DAY TWO, THREE

  1. C/C++ Bug Patterns
    1. Integers and Floating Point Arithmetic
    2. Strings and Buffers
    3. Logic Bugs
    4. Command Injection
    5. Race Conditions
    6. Privilege Management
    7. Practical Activities
      1. Code Review of Real World Linux C Programs

DAY FOUR

  1. Open Source OS Kernel Auditing
    1. Device Drivers
    2. User/Kernel Buffer Copying
    3. File Systems
    4. System Calls
    5. Practical Activities
      1. Code Review of Real World Linux and BSD Kernels

DAY FIVE

  1. Automating Code Review with Coccinelle
  2. Secure Coding

 

 


 

Presenter Information

DR SILVIO CESARE

Dr Silvio Cesare is the Director of Education - Cyber Security at UNSW Canberra @ ADFA. In his role, he oversees the quality of content and delivery in cyber education from undergraduates to postgraduates and professional courses. He has worked extensively in industry over a span of 20 years, including technical roles in offense and defense. In vulnerability research he has identified numerous security related bugs in applications and OS kernels. Additionally, he has presented internationally on his research and tool development in automated vulnerability discovery in embedded library detection and static analysis across Linux distributions. Previously, he commercialized his Ph.D. research on malware variant detection. Additionally, he was a lead C developer and scanner architect at Qualys - the world's leader in vulnerability assessment. He has over 430 academic citations on google scholar and has presented in industry, including 4 times at the Black Hat Briefings. He is the cofounder of BSides Canberra - Australia's largest hacker conference, CSides, and InfoSect - Canberra's hackerspace. 

No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.

 

COURSE AVAILABILITY