This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software, and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries.
Lecture and project-based
Proficiency in C and C++ are required.
- Understand connection between C and theoretic type theory and (un)safety
- Improve the security of any C or C++ application
- Identify, exploit, and eliminate insecure input manipulation logic
- Identify and eliminate integer overflows, sign errors and truncation errors
- Identify, exploit, and eliminate pointer vulnerabilities (including using C++ smart pointers)
- Fuzz programs to identify vulnerabilities
- Identify, exploit and eliminate I/O vulnerabilities, including race conditions
- Use formal methods to formally prove security properties in code
Faculty and instructors who have taught this course in the pastHanan Hibshi