This 5 day course will look at reviewing C/C++ code for security issues. The course is heavily based around practical auditing of actual C/C++ programs. Common coding bugs will be identified in set lectures and then students will apply the theory by reviewing real programs and identifying vulnerabilities. In addition to manual code review, automated means of vulnerability discovery will be briefly discussed, including fuzz testing and static analysis.
The Learning outcomes of the course will be an improved ability to audit C code and discover vulnerabilities, an understanding of secure development, and automation techniques to secure code and identify bugs.
Duration: 5 Days
Delivery Mode: Classroom
What you will receive
- Comprehensive set of course notes
- UNSW Canberra certificate of attendance
- Morning tea, lunch and afternoon tea
This course is aimed at technical staff. It is suitable for vulnerability researchers looking to discover bugs in C/C++ software. It is equally suitable for software developers aiming to improve the security of their code.
- Review of the C/C++ Programming Language
- Vulnerability Discovery
- Dynamic Program Analysis
- Reverse Engineering
- Fuzz Testing
- Static Analysis
DAY TWO, THREE
- C/C++ Bug Patterns
- Integers and Floating Point Arithmetic
- Strings and Buffers
- Logic Bugs
- Command Injection
- Race Conditions
- Privilege Management
- Practical Activities
- Code Review of Real World Linux C Programs
- Open Source OS Kernel Auditing
- Device Drivers
- User/Kernel Buffer Copying
- File Systems
- System Calls
- Practical Activities
- Code Review of Real World Linux and BSD Kernels
- Automating Code Review with Coccinelle
- Secure Coding
DR SILVIO CESARE
Dr Silvio Cesare is the Director of Education - Cyber Security at UNSW Canberra @ ADFA. In his role, he oversees the quality of content and delivery in cyber education from undergraduates to postgraduates and professional courses. He has worked extensively in industry over a span of 20 years, including technical roles in offense and defense. In vulnerability research he has identified numerous security related bugs in applications and OS kernels. Additionally, he has presented internationally on his research and tool development in automated vulnerability discovery in embedded library detection and static analysis across Linux distributions. Previously, he commercialized his Ph.D. research on malware variant detection. Additionally, he was a lead C developer and scanner architect at Qualys - the world's leader in vulnerability assessment. He has over 430 academic citations on google scholar and has presented in industry, including 4 times at the Black Hat Briefings. He is the cofounder of BSides Canberra - Australia's largest hacker conference, CSides, and InfoSect - Canberra's hackerspace.
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.