Code Review
This 5 day course will look at reviewing C/C++ code for security issues. The course is heavily based around practical auditing of actual C/C++ programs. Common coding bugs will be identified in set lectures and then students will apply the theory by reviewing real programs and identifying vulnerabilities. In addition to manual code review, automated means of vulnerability discovery will be briefly discussed, including fuzz testing and static analysis.
The Learning outcomes of the course will be an improved ability to audit C code and discover vulnerabilities, an understanding of secure development, and automation techniques to secure code and identify bugs.
Duration: 5 Days
Delivery Mode: Classroom
Locations: Canberra
What you will receive
- Comprehensive set of course notes
- UNSW Canberra certificate of attendance
- Morning tea, lunch and afternoon tea
This course is aimed at technical staff. It is suitable for vulnerability researchers looking to discover bugs in C/C++ software. It is equally suitable for software developers aiming to improve the security of their code.
DAY ONE
- Review of the C/C++ Programming Language
- Vulnerability Discovery
- Dynamic Program Analysis
- Reverse Engineering
- Fuzz Testing
- Static Analysis
DAY TWO, THREE
- C/C++ Bug Patterns
- Integers and Floating Point Arithmetic
- Strings and Buffers
- Logic Bugs
- Command Injection
- Race Conditions
- Privilege Management
- Practical Activities
- Code Review of Real World Linux C Programs
DAY FOUR
- Open Source OS Kernel Auditing
- Device Drivers
- User/Kernel Buffer Copying
- File Systems
- System Calls
- Practical Activities
- Code Review of Real World Linux and BSD Kernels
DAY FIVE
- Automating Code Review with Coccinelle
- Secure Coding
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.
