Platform: Generative AI
Audience: C/C++ developers
Preparedness: General C++ and C development
Standards and references: SEI CERT, CWE and Fortify Taxonomy
Group size: 12 participants
Description
Embark on a comprehensive exploration of cybersecurity and secure coding practices in this intensive three-day course. It focuses primarily on C++, but also integrates some C concepts. Building on a primer on machine code, assembly, and memory overlay (Intel and ARM versions available), the curriculum addresses critical security issues related to memory management. Various protection techniques at the level of source code, compiler, OS or hardware are discussed – such as stack smashing protection, ASLR or the non-execution bit – to understand how they work and to make clear what we can and can't expect from them.
The various secure coding subjects are aligned to common software security weakness categories, such as security features, error handling or code quality. Many of the weaknesses are, however, linked to missing or improper input validation. In this category you’ll learn about injection, the surprising world of integer overflows, and about handling file names correctly to avoid path traversal.
Through hands-on labs and real-world case studies, you will work through the details of secure coding practices and gain essential approaches and skills in cybersecurity.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
This variant of the course deals extensively with how certain security problems in code are handled by GitHub Copilot.
Through a number of hands-on labs, participants will get first-hand experience of how to use Copilot responsibly, and how to prompt it to generate the most secure code. In some cases it is trivial, but in most cases it is not; and in yet other cases it is basically impossible.
At the same time, the labs provide general experience with using Copilot in everyday coding practice - what you can expect from it, and the areas where you shouldn't rely on it.