Secure Code Development Bootcamp
Remove software vulnerabilities early in the development cycle. A primer for any developer concerned with writing secure code. This is an intense hands-on course with numerous examples of good and bad coding practices from open source projects.
Duration: 2 days | Type: Classroom/Hands-on exercises
Course is available on request
Who is this training for?
This course is intended for code auditors, software security architects, software developers, system designers involved in the design, development, and maintenance of software aimed at the protection of assets or who want to learn how to find vulnerabilities in an application codebase.
The course offers the following benefits:
- Early identification of issues in software development cycle.
- Improved ability for finding vulnerabilities in code.
- Continuous improvement of the product development by integrating best practices for secure software development.
Aims and Objectives
The main objective of the training is to enable developers to find vulnerabilities in their code by covering the what, why and how of code auditing. We show why compliance with code standards (e.g. MISRA-C) is not equivalent with secure code development and how compliant code can still have vulnerabilities. For each of the vulnerability classes presented during the training we discuss their potential impact on the system and strategies to help preventing the introduction such vulnerabilities. The training is highly practical with many examples from well-known open source projects.
After we discuss common vulnerabilities, such as buffer overflows, string format issues and integer wrap-arounds, your team learns to identify vulnerabilities in code of slowly increasing complexity and evaluate their potential impact. Many software vulnerabilities are caused by unintended or undefined code behavior and therefore we cover these two topics in depth. We will also discuss command injection and heap management vulnerabilities, race conditions as well as type confusion issues, common crypto mistakes and issues specific to operating system kernels.
In summary the key learning objectives of this training are:
• Understand the most common and severe weaknesses in code (C)
• Why compliance with coding guidelines MISRA_-C is not equivalent with secure code development
• Practice identifying different types of vulnerabilities;
• Prevent security vulnerabilities during development
• Introduce and discuss secure coding guidelines
• Select applicable software hardening techniques for your system;