Secure Coding

Course Number: 14-735

Department: Information Networking Institute

Location: Pittsburgh

Units: 12

Semester Offered: Fall

This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software, and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries.

Class format

Lecture and project-based

Home department

INI

Target audience

INI students

Background required

Proficiency in C and C++ is required.

Learning objectives

  • Understand the connection between C and theoretic type theory and (un)safety
  • Improve the security of any C or C++ application
  • Identify, exploit, and eliminate insecure input manipulation logic
  • Identify and eliminate integer overflows, sign errors and truncation errors
  • Identify, exploit, and eliminate pointer vulnerabilities (including using C++ smart pointers)
  • Fuzz programs to identify vulnerabilities
  • Identify, exploit and eliminate I/O vulnerabilities, including race conditions
  • Use formal methods to prove security properties in code

Faculty and instructors who have taught this course in the past

Hanan Hibshi