July 25, 2016

Secure C 101

This lecture covers what you absolutely need to know about secure coding in C, because C is everywhere. We begin by presenting and discussing the prevalence of serious, exploitable vulnerabilities in programming textbooks, in material that is otherwise presented as "safe". We then discuss classic string-related vulnerabilities (unsafe functions, overflows, null termination errors, character encoding vulnerabilities and more); review pointers and pointer exploitation, including Global Offset Table (GOT) targeting, .dtors targeting and unsafe linked lists; cover integer vulnerabilities and nuances (integer overflow, underflow, signing errors, casting errors and more); and finally go through integer promotion rules. Several quiz examples are presented throughout each topic in the lecture.


Interested in having your homework graded? Contact us to learn about grading options. The release schedule for this course is available here.
