• Online, Self-Paced
Course Description

Defensive programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user inputs or actions. In this course, you will explore common risks to C/C++, how to defend against common attacks, the best way to deal with user input, and finally, you'll explore some best practices for creating defendable code.

Learning Objectives

Risks in C/C++ Applications

  • start the course
  • list potential risks to C/C++ UI applications
  • describe what buffer overflows are and their impact
  • identify how to prevent buffer overflows

Defending Against Attacks

  • describe what code injection attacks are
  • describe how to mitigate injection attacks in C/C++ applications
  • identify how to prevent format string vulnerabilities in C/C++ applications
  • recognize how to prevent Dynamic Link Library or DLL hijacking in C/C++ applications
  • use exceptions in C/C++ applications

Working with User Input

  • specify how to deal with bad data in your C/C++ applications
  • how to use regular expressions to help in input validation
  • recognize how to constrain user input to prevent bad data input

Defending Code in C/C++

  • recognize how to properly interface with data in C/C++
  • demonstrate some common data validation techniques employed to create secure C/C++ applications
  • identify why casting in the C++ style is preferred to the C style

C/C++ Best Practices for Defensive Coding

  • recognize how to properly use operator overloading in C/C++
  • identify the correct way to access internal class data
  • describe why for loops are preferred to while loops
  • recognize how to keep functions focused and concise
  • identify the best way to use references and pointers and why you should avoid raw pointers
  • describe the top secure coding practices for C/C++
  • recognize the importance of good readability for planning and maintaining code

Practice: Securing a C/C++ Application

  • use defensive coding techniques to create a secure C/C++ application

Framework Connections