Interacting with the World Course

This course describes many ways a program can interact with the world.

2 hours, 15 minutes

Course description

In this course, you'll explore the many different ways a program can interact with the world. This includes files, file name validation and stdin/stdout/stderr. For each topic, the security aspects of the interaction are discussed and recommendations are made about how to validate exchanged data.

Syllabus

Loading Shared Objects or Launching Executables

Video - 00:14:00
Take a look at how loading shared objects or executables can cause security issues, and how to prevent these issues.
Network Address Validation

Video - 00:08:00
In this video, you'll look at how to validate network addresses and limit where the network request come from.
Sockets

Video - 00:14:00
This video explores how to safely use datagram and stream sockets.
File Name Validation

Video - 00:29:00
How can a hacker use filename to make a program access file other than the permitted ones? How can a program protect itself against that?
stdin / stdout / stderr

Video - 00:03:00
Explore stdin/stdout/stderr and how to safely use these special streams.
Files

Video - 00:38:00
Which function families can we use to manipulate files, and how do we use them safely?
Environment Variables

Video - 00:10:00
How can a hacker use the environment variable to execute malicious code with higher privileges?
Command Line Arguments

Video - 00:17:00
How long can command-line arguments be, and how do we validate them?
Introduction

Video - 00:03:00
Let's take a look at what is included in this course.

Meet the author

Martin Dubois

Martin Dubois obtained a degree in computer engineering from Laval University, Québec City, in 1993. He worked in many high-tech start-ups as software developer and software development leader. He mainly developed in C and C++, creating embedded software and device drivers for Windows and Linux. In 2000, he became a freelancer. He helps clients to develop safe, functional and efficient software systems. In addition to developing in C and C++, he provides expert corporate training about device driver development and other related subjects.

Martin is deeply interested in computer security. He never misses the Québec City Hackfest event and even presented subjects twice. He has been a part-time lecturer at colleges and university for over 15 years, where he did teach computer science, programming, and network security.

Learn More

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start a Free Trial

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Multi-Disciplined Language Analyst
  • Cyber Operator
  • Data Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial
  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust