Secure Coding

Course Number: 14-735

Department: Information Networking Institute

Location: Pittsburgh

Units: 12

Semester Offered: Fall

This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software, and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries.

Class format

Lecture and project-based

Home department


Target audience

INI students

Background required

Proficiency in C and C++ are required.

Learning objectives

  • Understand connection between C and theoretic type theory and (un)safety
  • Improve the security of any C or C++ application
  • Identify, exploit, and eliminate insecure input manipulation logic
  • Identify and eliminate integer overflows, sign errors and truncation errors
  • Identify, exploit, and eliminate pointer vulnerabilities (including using C++ smart pointers)
  • Fuzz programs to identify vulnerabilities
  • Identify, exploit and eliminate I/O vulnerabilities, including race conditions
  • Use formal methods to formally prove security properties in code

Faculty and instructors who have taught this course in the past

Hanan Hibshi