        Secure Coding for C/C++ Training Boot Camp

        Learn the most common programming bugs and their practical mitigation techniques through hands-on exercises that provide full understanding of the root causes of security problems.


        Learn secure C/C++ coding

        • Two days of expert, live Secure Coding for C/C++ training
        • 100% Satisfaction Guarantee
        • Free annual Infosec Skills subscription ($299 value!)
        • 1-year access to all boot camp video replays and materials
        • Hands-on cyber ranges and labs
        • Knowledge Transfer Guarantee

        Hands-on exercises

        This secure coding boot camp includes a number of easy-to-understand exercises that demonstrate live hacking. You’ll learn to analyze vulnerable code snippets and carry out attacks against them in order to fully understand the root causes of certain security problems. All exercises are prepared in a plug-and-play manner by using a pre-set desktop virtual machine, which provides a uniform development environment.

         


        Training overview

        Our Secure Coding in C/C++ Boot Camp covers typical C/C++ security programming bugs and common vulnerabilities. The root causes of the problems are explained through a number of easy-to-understand source code examples that depict how to find and correct the issues. The real strength of the training is the numerous hands-on exercises, which help you understand how easy it is for attackers to exploit these vulnerabilities.

        The training also provides an overview of practical protection methods that can be applied at different levels (hardware components, operating systems, programming languages, the compiler, the source code or in production) to prevent the occurrence of various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Through exercises specially tailored to these mitigation techniques, you’ll learn how simple it is to eliminate various security problems.

        What you’ll learn

        This Secure Coding in C/C++ Boot Camp provides two days of training with a real C/C++ security expert. Our instructors have extensive C/C++ development experience as well as years of experience performing security code reviews. You will learn valuable knowledge and skills, including the ability to:

        • Understand basic concepts of security, IT security and secure coding
        • Realize the severe consequences of non-secure buffer handling
        • Understand the architectural protection techniques and their weaknesses
        • Learn about typical coding mistakes and how to avoid them
        • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

        Regularly updated training

        Black hat hackers are always changing their tactics to get one step ahead of the good guys. We update our course materials regularly to ensure you learn about the latest C/C++ coding threats — and how to write secure code to prevent those threats.

        Who should attend

        • C / C++ developers
        • Designers and architects
        • Members or managers of the software development team
        • Anyone who wants to learn more about secure coding in C/C++

        Prerequisites

        • Knowledge of C / C++ programming languages
        • Familiarity with memory management
        • Background in OS mechanisms


        Secure C/C++ training schedule

        Infosec’s Secure C/C++ training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared.

        • Before your boot camp
          • Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp
          • IT security and secure coding

            • Nature of security
            • IT security-related terms
            • Definition of risk
            • IT security vs. secure coding
            • From vulnerabilities to botnets and cybercrime
              • Nature of security flaws
              • Reasons of difficulty
              • From an infected computer to targeted attacks
            • Classification of security flaws
              • Landwehr’s taxonomy
              • The Fortify taxonomy
              • The Seven Pernicious Kingdoms
              • OWASP Top Ten 2013 — Landwehr’s taxonomy

            Security relevant C/C++ programming bugs and flaws

            • Exploitable security flaws
            • Protection principles
              • Specific protection methods
              • Protection methods at different layers
              • The PreDeCo matrix of software security
            • x86 machine code, memory layout, stack operations
              • Main registers
              • Most important instructions
              • Flags
              • Control instructions
              • Stack handling and flow control
              • The memory address layout
              • The function calling mechanism in C/C++ on x86
              • Calling conventions
              • The local variables and the stack frame
              • Function calls
              • Prologue and epilogue of a function
              • Stack frame of nested calls
              • Stack frame of recursive functions

            Buffer overflow

            • Stack overflow
              • Buffer overflow on the stack
                • Overwriting the return address
                • Exercise BOFIntro
                • Exercise BOFShellcode
              • Protection against stack overflow
                • Stack overflow – prevention (during development)
                • Stack overflow – detection (during execution)
              • Stack smashing protection
                • Stack smashing protection variants
                • Stack smashing protection in GCC
                • Exercise BOFShellcode
                • Effects of stack smashing protection
                • Bypassing stack smashing protection – an example
              • Address Space Layout Randomization (ASLR)
                • Stack randomization with ASLR
                • Using ASLR
                • Circumventing ASLR: NOP sledding
                • Exercise BOFASLR
                • Circumventing ASLR with NOP sledding
              • Non executable memory areas – the NX bit
                • Protection through virtual memory management
                • Access control on memory segments
                • The Never eXecute (NX) bit
                • Exercise BOFShellcode – enforcing NX memory segments
                • Return-to-libc attack – circumventing the NX bit
                • Arc injection / return-to-libc attack
                • Multiple function calls with return-to-libc
              • Return oriented programming (ROP)
                • Exploiting with ROP
                • ROP gadgets
                • Combining the ROP gadgets
                • Exercise BOFROP
            • Heap overflow
              • Memory allocation managed by a doubly-linked list
              • Buffer overflow on the heap
              • Steps of freeing and joining memory blocks
              • Freeing allocated memory blocks
              • TLS Heartbeat Extension
              • Heartbleed – a simple explanation
              • Heartbleed – fix in v1.0.1g
              • Protection against heap overflow

            Common coding errors and vulnerabilities

            • Input validation
              • Input validation concepts
              • Integer problems
              • Representation of negative integers
              • Integer ranges
              • Integer representation by using the two’s complement
              • The integer promotion rule in C/C++
              • Arithmetic overflow – spot the bug!
              • Exercise IntOverflow
              • So why ABS(INT_MIN)==INT_MIN?
              • Signedness bug – spot the bug!
              • Widthness integer overflow – spot the bug!
              • A case study – Android Stagefright
              • Stagefright – a quick introduction
              • Some Stagefright code examples – spot the bugs!
              • Integer problem mitigation
              • Avoiding arithmetic overflow – addition
              • Avoiding arithmetic overflow – multiplication
              • Dealing with signed/unsigned integer promotion
              • Safe integer handling in C
              • The SafeInt class for C++
              • Printf format string bug – exploitation
              • Exercise Printf
              • Printf format string exploit – overwriting the return address
              • Mitigation of printf format string problem
              • Some other input validation problems
              • Array indexing – spot the bug!
              • The Unicode bug
              • Directory Traversal Vulnerability
              • Shellshock – basics of using functions in bash
              • Shellshock – vulnerability in bash
              • Exercise – Shellshock
              • Shellshock fix and counterattacks
              • Exercise – command override with environment variables
              • Improper use of security features
              • Problems related to the use of security features
              • Insecure randomness
              • Weak PRNGs in C
              • Stronger PRNGs in C and Linux
              • Hardware-based RNGs
              • Password management
              • Exercise – Google cracking
              • Password management and storage
              • Special purpose hash algorithms for password storage
              • PBKDF2 and bcrypt implementations in C/C++
              • Some other typical password management problems
            • Improper error and exception handling
              • Typical problems with error and exception handling
              • Empty catch block
              • Overly broad catch
              • Exercise ErrorHandling – spot the bug!
            • Time and state problems
              • Time and state related problems
              • Serialization errors (TOCTTOU)
              • Attacks with symbolic links
              • Exercise TOCTTOU
            • Code quality problems
              • Dangers arising from poor code quality
              • Poor code quality – spot the bug!
              • Unreleased resources
              • Type mismatch – spot the bug!
              • Exercise TypeMismatch

            Advice and principles

            • Matt Bishop’s principles of robust programming
            • The security principles of Saltzer and Schroeder

            Knowledge sources

            • Vulnerability databases
            • Secure coding sources – a starter kit
        • After your boot camp
          • Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to get a head start on your next certification goal or start earning CPEs.

          • ©2022 Infosec Institute, Inc.
          Infosec, part of Cengage Group