• Online, Self-Paced

String vulnerabilities are at the core of a wide range of exploits. Being able to recognize, debug, and fix unsafe string manipulation code is essential to avoiding vulnerabilities. In this course, you'll explore how string code can be written safely and how strings vulnerabilities are exploited.

You'll look at the most common format string vulnerabilities in the C programming language and what it means to overflow a string buffer. You'll debug string exploits, including vulnerabilities introduced by common string output and manipulation functions. Next, you'll correct common errors, check strings for safety, loop over strings, and see what happens when unsafe strings are executed in a program. Finally, you'll describe how code can be injected via strings and how strings can be returned safely.

Learning Objectives

{"discover the key concepts covered in this course"}

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cybersecurity Management
  • Systems Administration
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.