This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
Identifying Security Vulnerabilities in C/C++Programming
This course is part of Secure Coding Practices Specialization
Instructor: Matthew Bishop, PhD
9,143 already enrolled
Included with
(79 reviews)
What you'll learn
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
Skills you'll gain
Details to know
Add to your LinkedIn profile
8 assignments
See how employees at top companies are mastering in-demand skills
Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 4 modules in this course
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
What's included
17 videos4 readings2 assignments4 discussion prompts
In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
What's included
17 videos2 readings2 assignments2 discussion prompts
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
What's included
13 videos1 reading2 assignments1 discussion prompt
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
What's included
19 videos4 readings2 assignments5 discussion prompts
Instructor
Offered by
Recommended if you're interested in Computer Security and Networks
Microsoft
Coursera Instructor Network
Dartmouth College
University of Colorado System
Why people choose Coursera for their career
Learner reviews
79 reviews
- 5 stars
73.41%
- 4 stars
15.18%
- 3 stars
10.12%
- 2 stars
0%
- 1 star
1.26%
Showing 3 of 79
Reviewed on May 12, 2020
Practical demos could have added more fun to this course.
Reviewed on Feb 22, 2021
I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.
Reviewed on May 30, 2020
Thoroughly enjoyed the course. learned a lot. thank you.
New to Computer Security and Networks? Start here.
Open new doors with Coursera Plus
Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.