This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two in this specialization. This course uses the focusing technique that asks you to think about “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
Identifying Security Vulnerabilities in C/C++ Programming
This course is part of Secure Coding Practices Specialization
Instructor: Matthew Bishop, PhD
9,196 already enrolled
(79 reviews)
What you'll learn
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems with privilege, trusted environments, input validation, files and sub-processes, resource management, asynchronicity, and randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
8 assignments
There are 4 modules in this course
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
What's included
17 videos, 4 readings, 2 assignments, 4 discussion prompts
In this module, you will be able to break down how the process of checking inputs, known as validation and verification, works. You will be able to avoid buffer and numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections, such as cross-site scripting and SQL injections, and be able to describe the consequences of not examining input.
What's included
17 videos, 2 readings, 2 assignments, 2 discussion prompts
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
What's included
13 videos, 1 reading, 2 assignments, 1 discussion prompt
In this module, you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment, generate random numbers, and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, and crypto keys, how to handle errors in security-sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
What's included
19 videos, 4 readings, 2 assignments, 5 discussion prompts
Learner reviews
79 reviews
- 5 stars: 73.41%
- 4 stars: 15.18%
- 3 stars: 10.12%
- 2 stars: 0%
- 1 star: 1.26%
Showing 3 of 79
Reviewed on Jun 12, 2020
This was interesting: a good introduction on what we need to develop a secure program and most common sources of vulnerabilities. Thank you!
Reviewed on Nov 30, 2020
More code and examples would be good in this code. Example code for discussion would be good for ideal reference.
Reviewed on Feb 22, 2021
I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.