This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
本課程是 Secure Coding Practices 專項課程 專項課程的一部分
Identifying Security Vulnerabilities in C/C++Programming
11 個評分
提供方
課程信息
9,359 次近期查看
您將學到的內容有
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
您將獲得的技能
Identifying vulernabilitiesC/C++ Programming
100% 在線
立即開始,按照自己的計劃學習。
第 3 門課程(共 4 門)
可靈活調整截止日期
根據您的日程表重置截止日期。
中級
完成時間大約為22 小時
英語(English)
字幕:英語(English)
教學大綱 - 您將從這門課程中學到什麼
完成時間為 6 小時
Users, Privileges, and Environment Variables
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
完成時間為 6 小時
17 個視頻 (總計 107 分鐘), 4 個閱讀材料, 2 個測驗
17 個視頻
Module 1 Introduction2分鐘
Users and Privileges Overview7分鐘
Identifying Users and Changing Privileges7分鐘
Spawning Subprocesses8分鐘
Identifying Users Incorrectly1分鐘
Establishing Users and Setting UIDs8分鐘
Establishing Groups and GIDs3分鐘
Establishing Privileges for Users and Groups11分鐘
How Root Privileges Work3分鐘
Lesson 1 Summary1分鐘
Environment Variables Overview2分鐘
Programming Explicitly4分鐘
Addressing Various Attacks16分鐘
Dynamic Loading and Associated Attacks16分鐘
Programming Implicitly3分鐘
The Moral of the Story5分鐘
4 個閱讀材料
A Note From UC Davis10分鐘
Who Are You? - What is Going On?10分鐘
Resetting the PATH - What is Going On?10分鐘
Multiple PATH Environment Variables - What's Going On?5分鐘
2 個練習
Module 1 Practice Quiz14分鐘
Module 1 Quiz30分鐘
完成時間為 6 小時
Validation and Verification, Buffer and Numeric Overflows, and Input Injections
In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
完成時間為 6 小時
17 個視頻 (總計 162 分鐘), 2 個閱讀材料, 2 個測驗
17 個視頻
Validation and Verification Overview8分鐘
Metacharacters11分鐘
The Heartbleed Bug and Other Exploits21分鐘
Inputs15分鐘
Fixes6分鐘
Lesson 3 Summary1分鐘
Buffer Overflows Overview2分鐘
Buffer Overflow Examples18分鐘
Selective Buffer Overflow and Utilizing Canaries17分鐘
Numeric Overflows Overview7分鐘
Numeric Overflow Examples8分鐘
Lesson 4 Summary2分鐘
Input Injections Overview1分鐘
Cross-Site Scripting Attacks18分鐘
SQL Injections10分鐘
Lesson 5 Summary5分鐘
2 個閱讀材料
Path Names - What's Going On?10分鐘
Numeric and Buffer Overflows - What's Going On?10分鐘
2 個練習
Module 2 Practice Quiz15分鐘
Module 2 Quiz30分鐘
完成時間為 3 小時
Files, Subprocesses, and Race Conditions
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
完成時間為 3 小時
13 個視頻 (總計 80 分鐘), 1 個閱讀材料, 2 個測驗
13 個視頻
Files and Subprocesses Overview52
Creating a Child Process5分鐘
Subprocess Environment10分鐘
Files and Subprocesses Design Tips5分鐘
Lesson 6 Summary2分鐘
Race Conditions Overview8分鐘
A Classic Race Condition Example9分鐘
Time of Check to Time of Use12分鐘
Programming Condition5分鐘
Environmental Condition7分鐘
Race Conditions6分鐘
Linux Locks and FreeBSD System Calls4分鐘
1 個閱讀材料
The Environmental Condition - What's Going On?10分鐘
2 個練習
Module 3 Practice Quiz15分鐘
Module 3 Quiz30分鐘
完成時間為 7 小時
Randomness, Cryptography, and Other Topics
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
完成時間為 7 小時
19 個視頻 (總計 97 分鐘), 4 個閱讀材料, 2 個測驗
19 個視頻
Randomness and Cryptography Overview2分鐘
Pseudorandom vs. Random6分鐘
Producing Random Numbers4分鐘
Sowing Seeds12分鐘
Cryptography Basics3分鐘
Using Cryptography for Secrecy and Integrity8分鐘
Some Cryptography Examples9分鐘
Lesson 8 Summary1分鐘
Handling Sensitive Information and Errors and Formatting Strings Overview1分鐘
All About Passwords7分鐘
Adding a Pinch of Salt4分鐘
Managing Sensitive Data4分鐘
Practice a Secure Function8分鐘
Error Handling Part 14分鐘
Error Handling Part 26分鐘
Format Strings5分鐘
Lesson 9 Summary2分鐘
Course Summary52
4 個閱讀材料
(Pseudo) Random Numbers - What's Going On?10分鐘
Hashing and Cracking Passwords - What's Going On?10分鐘
A Safe system() Function - What's Going On?10分鐘
Converting Strings to Integers - What's Going On?10分鐘
2 個練習
Module 4 Practice Quiz15分鐘
Module 4 Quiz30分鐘
關於 加州大学戴维斯分校
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
關於 Secure Coding Practices 專項課程
This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
常見問題
我什么时候能够访问课程视频和作业?
注册以便获得证书后,您将有权访问所有视频、测验和编程作业(如果适用)。只有在您的班次开课之后,才可以提交和审阅同学互评作业。如果您选择在不购买的情况下浏览课程,可能无法访问某些作业。
我订阅此专项课程后会得到什么?
您注册课程后,将有权访问专项课程中的所有课程,并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中,您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容,可以免费旁听课程。
退款政策是如何规定的?
有助学金吗?
還有其他問題嗎?請訪問 學生幫助中心。
