- Challenge assumptions: making assumptions is a common but dangerous programming practice, e.g. it can lead to incorrectly validated input. You will learn how software programs are executed in the memory, what happens when a device operates out of bounds and how instantaneous power consumption can be used to extract secret information.
- Find vulnerabilities: because a device or application can be compromised when even a single vulnerability is identified by an attacker, the goal of a developer is to remove all vulnerabilities. You will learn how to eliminate the most common logical errors in software, add extra defense to the critical areas of code, and secure the crypto engines.
- Choose and implement defenses: while there are many possible defense mechanisms, each comes at a cost: execution time, required memory, access to hardware components such as RNGs. You will learn how to analyze the cost and effect tradeoff, and thus be able to make informed strategic decisions.
Not ready to purchase the entire course, but would like to learn more about Secure Coding? Take a free trial of our Fault Injection for Software Developers course that is part of the Secure Coding Fundamentals program. This is the first fault injection course created specifically for software developers who want to harden their code. In this course you will learn how to assess the impact of fault injection attacks on security critical code, and propose a cost effective remediation plan.
Register for the training here.
Are you still curious and want to know more about secure coding? Riscure provides multiple free courses that you can take.
Side Channel Analysis for Software Developers training will enable you to protect your devices and applications against basic side-channel analysis attacks.
Access this training via this link.
Understanding Leakage Detection, that was created as part of the REASSURE project, helps you grasp the intuition behind leakage detection methodologies and achieve a sound technical appreciation of how and why they work. The training was created in collaboration with the crypto research groups of University of Bristol and Université Catholique de Louvain.