Code Review

Course Group: 
Cyber Security

This 5 day course will look at reviewing C/C++ code for security issues. The course is heavily based around practical auditing of actual C/C++ programs. Common coding bugs will be identified in set lectures and then students will apply the theory by reviewing real programs and identifying vulnerabilities. In addition to manual code review, automated means of vulnerability discovery will be briefly discussed, including fuzz testing and static analysis.

The Learning outcomes of the course will be an improved ability to audit C code and discover vulnerabilities, an understanding of secure development, and automation techniques to secure code and identify bugs.

Who Should Attend

Course Outline

Presenter Information

Dates & Registration

Duration: 5 Days

Delivery Mode: Classroom

Locations: Canberra


What you will receive

  • Comprehensive set of course notes
  • UNSW Canberra certificate of attendance
  • Morning tea, lunch and afternoon tea

Who Should Attend?: 

This course is aimed at technical staff. It is suitable for vulnerability researchers looking to discover bugs in C/C++ software. It is equally suitable for software developers aiming to improve the security of their code.


Course Outline: 

 DAY ONE

  1. Review of the C/C++ Programming Language
  2. Vulnerability Discovery
    1. Dynamic Program Analysis
    2. Reverse Engineering
    3. Fuzz Testing
    4. Static Analysis

DAY TWO, THREE

  1. C/C++ Bug Patterns
    1. Integers and Floating Point Arithmetic
    2. Strings and Buffers
    3. Logic Bugs
    4. Command Injection
    5. Race Conditions
    6. Privilege Management
    7. Practical Activities
      1. Code Review of Real World Linux C Programs

DAY FOUR

  1. Open Source OS Kernel Auditing
    1. Device Drivers
    2. User/Kernel Buffer Copying
    3. File Systems
    4. System Calls
    5. Practical Activities
      1. Code Review of Real World Linux and BSD Kernels

DAY FIVE

  1. Automating Code Review with Coccinelle
  2. Secure Coding

 

 


 

No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.

 

COURSE AVAILABILITY

CANBERRA
24 June 2019 - 28 June 2019