Defensive programming is a methodology for writing code that is not prone to present or future errors caused by unexpected user inputs or actions. In this course, you will explore common risks to C/C++ applications, how to defend against common attacks, the best way to deal with user input, and, finally, some best practices for creating defendable code.
Learning Objectives
Risks in C/C++ Applications
- start the course
- list potential risks to C/C++ UI applications
- describe what buffer overflows are and their impact
- identify how to prevent buffer overflows
Defending Against Attacks
- describe what code injection attacks are
- describe how to mitigate injection attacks in C/C++ applications
- identify how to prevent format string vulnerabilities in C/C++ applications
- recognize how to prevent Dynamic Link Library or DLL hijacking in C/C++ applications
- use exceptions in C/C++ applications
Working with User Input
- specify how to deal with bad data in your C/C++ applications
- how to use regular expressions to help in input validation
- recognize how to constrain user input to prevent bad data input
Defending Code in C/C++
- recognize how to properly interface with data in C/C++
- demonstrate some common data validation techniques employed to create secure C/C++ applications
- identify why casting in the C++ style is preferred to the C style
C/C++ Best Practices for Defensive Coding
- recognize how to properly use operator overloading in C/C++
- identify the correct way to access internal class data
- describe why for loops are preferred to while loops
- recognize how to keep functions focused and concise
- identify the best way to use references and pointers and why you should avoid raw pointers
- describe the top secure coding practices for C/C++
- recognize the importance of good readability for planning and maintaining code
Practice: Securing a C/C++ Application
- use defensive coding techniques to create a secure C/C++ application