Security testing C and C++ applications (SECT-CCA)

 

Course Overview

Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Who should attend

C/C++ developers and testers.

Prerequisites

General C/C++ development, testing and QA.

Course Objectives

  • Getting familiar with essential cyber security concepts
  • Understanding security testing methodology and approaches
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles
  • Getting familiar with security testing techniques and tools

Outline: Security testing C and C++ applications (SECT-CCA)

Day 1

  • Cyber security basics
    • What is security?
    • Threat and risk
    • Cyber security threat types – the CIA triad
    • Cyber security threat types – the STRIDE model
    • Consequences of insecure software
  • Memory management vulnerabilities
    • Assembly basics and calling conventions
    • Buffer overflow
    • Best practices and some typical mistakes

Day 2

  • Memory management hardening
    • Runtime protections
    • Security testing
    • Security testing methodology
  • Common software security weaknesses
    • Security features
      • Authentication
      • Password management

Day 3

  • Common software security weaknesses
    • Input validation
      • Input validation principles
      • What to validate – the attack surface
      • Where to validate – defense in depth
      • When to validate – validation vs transformations
      • Validation with regex
      • Injection
      • Integer handling problems
      • Files and streams
  • Security testing
    • Security testing techniques and tools
      • Code analysis
      • Dynamic analysis
  • Wrap up
    • Secure coding principles
    • And now what?

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • US $ 2,250
Classroom Training

Duration
3 days

Price
  • United States: US $ 2,250

Click on town name or "Online Training" to book Schedule

This is an Instructor-Led Classroom course
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.

Germany

Munich This is a FLEX course. Enroll
Online Training Time zone: Central European Time (CET) Enroll
Hamburg This is a FLEX course. Enroll
Online Training Time zone: Central European Summer Time (CEST) Enroll
Berlin This is a FLEX course. Enroll
Online Training Time zone: Central European Summer Time (CEST) Enroll
Frankfurt This is a FLEX course. Enroll
Online Training Time zone: Central European Time (CET) Enroll