Format String Vulnerabilities

This course introduces format string vulnerabilities, their exploitation and possible mitigations.

7 videos  //  32 minutes of training

Free training week — 1,400+ on-demand courses and hands-on labs

Course description

Print statements are a deceptively simple aspect of programming. By exploiting format string vulnerabilities, an attacker can read from or write to arbitrary memory within a program. This course describes how to identify format string vulnerabilities and how to write code that is not vulnerable to attack.

Course syllabus

Introduction to Format String VulnerabilitiesDuration: 1:45

This video provides an introduction to the format string vulnerabilities course.

Introduction to PrintingDuration: 6:37

This video covers the fundamentals of printing and format strings.

Format String VulnerabilitiesDuration: 4:40

This video describes how format string vulnerabilities can make an application vulnerable to attack.

Exploiting Format String VulnerabilitiesDuration: 6:02

This video describes how format string vulnerabilities can be exploited by an attacker.

Format String Vulnerability Case StudyDuration: 4:33

This video describes a case study of an application containing a format string vulnerability.

Format String MitigationsDuration: 2:45

This video describes mitigations for format string vulnerabilities.

Format String DemoDuration: 5:56

This video demonstrates exploitation of a format string vulnerability.

Meet the author

Howard Poston

LinkedIn

Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security. He can be reached by email at [email protected] or via his website at https://www.howardposton.com.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

IDC MarketScape Leader: U.S. IT Training

IDC MarketScape Leader: U.S. IT Training

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec