Who is this training for?
This course is intended for application developers system designers who want to understand how software is exploited, how to mitigate attacks and prioritize security fixes. The course is equally interesting for security analysts who want to understand software exploitation to assess the impact of vulnerabilities or perform penetration testing.
It is recommended that you have a good understanding of operating systems and computer architecture concepts, including:
- Privilege levels
- Kernel/user-space separation
- Executable formats and dynamic loading, etc.
- Good understanding of C/C++ programming and secure coding principles
- Basic understanding of ARM architecture and ARM assembly
In this course we look at typical mitigation techniques which make software exploitation more difficult. We cover the basics of memory corruption issues, specifics of embedded device and kernel exploitation as well as common mitigation techniques and the different approaches to bypass them. We additionally touch upon less common mitigation techniques that try to address these shortcomings.
Key learning objectives:
- Exploit stack corruption and other vulnerabilities
- Apply common mitigation techniques, including stack cookies, ASLR and XN
- Successfully bypass the most common mitigation techniques
- Understand state-of-the-art countermeasures against software exploitation, such as Control Flow Integrity and related techniques
Essential Fault Injection
Closely connected with SCA know-how, the Fault Injection experience this training empowers your team with the complete knowledge of hardware security techniques.
Essential Side Channel Analysis
You will learn the practice of side channel analysis from the developers of the best-in-class analysis tools, so that it can be applied in your embedded device development process.