Interacting with the World

This course describes many ways a program can interact with the world.

9 videos  //  135 minutes of training

Free training week — 1,400+ on-demand courses and hands-on labs

Course description

In this course, you’ll explore the many different ways a program can interact with the world. This includes files, file name validation and stdin/stdout/stderr. For each topic, the security aspects of the interaction are discussed and recommendations are made about how to validate exchanged data.

Course syllabus

IntroductionDuration: 2:32

Let's take a look at what is included in this course.

Command Line ArgumentsDuration: 16:42

How long can command-line arguments be, and how do we validate them?

Environment VariablesDuration: 10:24

How can a hacker use the environment variable to execute malicious code with higher privileges?

FilesDuration: 37:56

Which function families can we use to manipulate files, and how do we use them safely?

stdin / stdout / stderrDuration: 3:01

Explore stdin/stdout/stderr and how to safely use these special streams.

File Name ValidationDuration: 28:46

How can a hacker use filename to make a program access file other than the permitted ones? How can a program protect itself against that?

SocketsDuration: 14:20

This video explores how to safely use datagram and stream sockets.

Network Address ValidationDuration: 8:04

In this video, you'll look at how to validate network addresses and limit where the network request come from.

Loading Shared Objects or Launching ExecutablesDuration: 13:37

Take a look at how loading shared objects or executables can cause security issues, and how to prevent these issues.

Meet the author

Martin Dubois

LinkedIn

Martin Dubois obtained a degree in computer engineering from Laval University, Québec City, in 1993. He worked in many high-tech start-ups as software developer and software development leader. He mainly developed in C and C++, creating embedded software and device drivers for Windows and Linux. In 2000, he became a freelancer. He helps clients to develop safe, functional and efficient software systems. In addition to developing in C and C++, he provides expert corporate training about device driver development and other related subjects.

Martin is deeply interested in computer security. He never misses the Québec City Hackfest event and even presented subjects twice. He is also a part-time lecturer at colleges and universities, where he teaches computer science, programming and network security.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

IDC MarketScape Leader: U.S. IT Training

IDC MarketScape Leader: U.S. IT Training

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec