{"course":{"productid":30311,"modality":1,"active":true,"language":"de","title":"Security testing C and C++ applications","productcode":"SECT-CCA","vendorcode":"CY","vendorname":"Cydrill","fullproductcode":"CY-SECT-CCA","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/cydrill-sect-cca","objective":"<ul>\n<li>Getting familiar with essential cyber security concepts<\/li><li>Understanding security testing methodology and approaches<\/li><li>Correctly implementing various security features<\/li><li>Identify vulnerabilities and their consequences<\/li><li>Learn the security best practices in C and C++<\/li><li>Input validation approaches and principles<\/li><li>Getting familiar with security testing techniques and tools<\/li><\/ul>","audience":"<p>C\/C++ developers and testers<\/p>","contents":"<ul>\n<li>Cyber security basics<\/li><li>Memory management vulnerabilities<\/li><li>Memory management hardening<\/li><li>Security testing<\/li><li>Common software security weaknesses<\/li><li>Wrap up<\/li><\/ul>","outline":"<h4>Cyber security basics<\/h4><ul>\n<li>What is security?<\/li><li>Threat and risk<\/li><li>Cyber security threat types &ndash; the CIA triad<\/li><li>Cyber security threat types &ndash; the STRIDE model<\/li><li>Consequences of insecure software<\/li><\/ul><h4>Memory management vulnerabilities<\/h4><h5>Assembly basics and calling conventions<\/h5><ul>\n<li>x64 assembly essentials<\/li><li>Registers and addressing<\/li><li>Most common instructions<\/li><li>Calling conventions on x64\n<ul>\n<li>Calling convention &ndash; what it is all about<\/li><li>Calling convention on x64<\/li><li>The stack frame<\/li><li>Stacked function calls<\/li><\/ul><\/li><\/ul><h5>Buffer overflow<\/h5><ul>\n<li>Memory management and security<\/li><li>Vulnerabilities in the real world<\/li><li>Buffer security issues<\/li><li>Buffer overflow on the stack\n<ul>\n<li>Buffer overflow on the stack &ndash; stack 
smashing<\/li><li>Exploitation &ndash; Hijacking the control flow<\/li><li>Lab &ndash; Buffer overflow 101, code reuse<\/li><li>Exploitation &ndash; Arbitrary code execution<\/li><li>Injecting shellcode<\/li><li>Lab &ndash; Code injection, exploitation with shellcode<\/li><\/ul><\/li><li>Pointer manipulation\n<ul>\n<li>Modification of jump tables<\/li><li>Overwriting function pointers<\/li><\/ul><\/li><\/ul><h5>Best practices and some typical mistakes<\/h5><ul>\n<li>Unsafe functions<\/li><li>Dealing with unsafe functions<\/li><li>Lab &ndash; Fixing buffer overflow<\/li><li>What&#039;s the problem with asctime()?<\/li><li>Lab &ndash; The problem with asctime()<\/li><li>Using std::string in C++<\/li><li>Unterminated strings<\/li><li>readlink() and string termination<\/li><li>Manipulating C-style strings in C++<\/li><li>Malicious string termination<\/li><li>Lab &ndash; String termination confusion<\/li><li>String length calculation mistakes<\/li><li>Off-by-one errors<\/li><li>Allocating nothing<\/li><li>Testing for typical mistakes<\/li><\/ul><h4>Memory management hardening<\/h4><h5>Runtime protections<\/h5><ul>\n<li>Runtime instrumentation<\/li><li>Address Space Layout Randomization (ASLR)\n<ul>\n<li>ASLR on various platforms<\/li><li>Lab &ndash; Effects of ASLR<\/li><li>Circumventing ASLR &ndash; NOP sleds<\/li><li>Circumventing ASLR &ndash; memory leakage<\/li><\/ul><\/li><li>Non-executable memory areas\n<ul>\n<li>The NX bit<\/li><li>Write XOR Execute (W^X)<\/li><li>NX on various platforms<\/li><li>Lab &ndash; Effects of NX<\/li><li>NX circumvention &ndash; Code reuse attacks\n<ul>\n<li>Return-to-libc \/ arc injection<\/li><\/ul><\/li><li>Return Oriented Programming (ROP)\n<ul>\n<li>Protection against ROP<\/li><\/ul><\/li><\/ul><\/li><\/ul><h4>Security testing<\/h4><ul>\n<li>Security testing vs functional testing<\/li><li>Manual and automated methods<\/li><li>Black box, white box, and hybrid testing<\/li><\/ul><h5>Security testing 
methodology<\/h5><ul>\n<li>Security testing &ndash; goals and methodologies<\/li><li>Overview of security testing processes<\/li><li>Identifying and rating assets\n<ul>\n<li>Preparation and scoping<\/li><li>Identifying assets<\/li><li>Identifying the attack surface<\/li><li>Assigning security requirements<\/li><li>Lab &ndash; Identifying and rating assets<\/li><\/ul><\/li><li>Threat modeling\n<ul>\n<li>SDL threat modeling<\/li><li>Mapping STRIDE to DFD<\/li><li>DFD example<\/li><li>Attack trees<\/li><li>Attack tree example<\/li><li>Lab &ndash; Crafting an attack tree<\/li><li>Misuse cases<\/li><li>Misuse case examples<\/li><li>Risk analysis<\/li><li>Lab &ndash; Risk analysis<\/li><\/ul><\/li><li>Accomplishing the tests<\/li><li>Reporting, recommendations, and review<\/li><\/ul><h4>Common software security weaknesses<\/h4><h5>Security features<\/h5><ul>\n<li>Authentication<\/li><li>Password management\n<ul>\n<li>Inbound password management<\/li><li>Storing account passwords<\/li><li>Password in transit<\/li><li>Lab &ndash; Is just hashing passwords enough?<\/li><li>Dictionary attacks and brute forcing<\/li><li>Salting<\/li><li>Adaptive hash functions for password storage<\/li><li>Password policy<\/li><li>NIST authenticator requirements for memorized secrets\n<ul>\n<li>Case study &ndash; The Ashley Madison data breach<\/li><li>The ultimate crack<\/li><li>Exploitation and the lessons learned<\/li><\/ul><\/li><li>Password database migration<\/li><li>Testing for password management issues<\/li><li>Using password cracking tools<\/li><li>Lab &ndash; Password audit with John the Ripper<\/li><\/ul><\/li><\/ul><h4>Common software security weaknesses<\/h4><h5>Input validation<\/h5><ul>\n<li>Input validation principles<\/li><li>What to validate &ndash; the attack surface<\/li><li>Where to validate &ndash; defense in depth<\/li><li>When to validate &ndash; validation vs transformations<\/li><li>Validation with regex<\/li><li>Injection\n<ul>\n<li>Injection 
principles<\/li><li>Injection attacks<\/li><li>Code injection<\/li><li>OS command injection<\/li><li>Lab &ndash; Command injection<\/li><li>OS command injection best practices<\/li><li>Avoiding command injection with the right APIs<\/li><li>Lab &ndash; Command injection best practices\n<ul>\n<li>Case study &ndash; Shellshock<\/li><\/ul><\/li><li>Lab - Shellshock<\/li><li>Testing for command injection<\/li><\/ul><\/li><li>Integer handling problems\n<ul>\n<li>Representing signed numbers<\/li><li>Integer visualization<\/li><li>Integer promotion<\/li><li>Integer overflow<\/li><li>Lab &ndash; Integer overflow<\/li><li>Signed \/ unsigned confusion<\/li><li>Case study &ndash; The Stockholm Stock Exchange<\/li><li>Lab &ndash; Signed \/ unsigned confusion<\/li><li>Integer truncation<\/li><li>Lab &ndash; Integer truncation<\/li><li>Case study &ndash; WannaCry<\/li><li>Best practices\n<ul>\n<li>Precondition testing<\/li><li>Postcondition testing<\/li><li>Best practices in C<\/li><li>Best practices in C++<\/li><li>Lab &ndash; Integer handling best practices in C++<\/li><\/ul><\/li><li>Testing for numeric problems<\/li><\/ul><\/li><li>Files and streams\n<ul>\n<li>Path traversal<\/li><li>Lab &ndash; Path traversal<\/li><li>Path traversal best practices<\/li><li>Lab &ndash; Path canonicalization<\/li><li>Testing for path traversal<\/li><\/ul><\/li><\/ul><h4>Security testing<\/h4><h5>Security testing techniques and tools<\/h5><ul>\n<li>Code analysis\n<ul>\n<li>Static Application Security Testing (SAST)<\/li><li>Lab &ndash; Using static analysis tools<\/li><\/ul><\/li><li>Dynamic analysis\n<ul>\n<li>Security testing at runtime<\/li><li>Penetration testing<\/li><li>Stress testing<\/li><li>Dynamic Application Security Testing (DAST)<\/li><li>Fuzzing<\/li><li>Fuzzing techniques<\/li><li>Fuzzing &ndash; Observing the process<\/li><li>American Fuzzy Lop (AFL)<\/li><\/ul><\/li><\/ul><h4>Wrap up<\/h4><ul>\n<li>Secure coding principles<\/li><li>Principles of robust programming by Matt 
Bishop<\/li><li>Secure design principles of Saltzer and Schroeder<\/li><\/ul><h5>And now what?<\/h5><ul>\n<li>Software security sources and further reading<\/li><li>C and C++ resources<\/li><li>Security testing resources<\/li><\/ul>","summary":"<p>Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2<sup>31<\/sup>? Because that&#039;s what the bad guys will do &ndash; and the list is far from complete.<\/p>\n<p>Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.<\/p>\n<p>A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.<\/p>\n<p>So that you are prepared for the forces of the dark side.<\/p>\n<p>So that nothing unexpected happens.<\/p>\n<p>Nothing.<\/p>","objective_plain":"- Getting familiar with essential cyber security concepts\n- Understanding security testing methodology and approaches\n- Correctly implementing various security features\n- Identify vulnerabilities and their consequences\n- Learn the security best practices in C and C++\n- Input validation approaches and principles\n- Getting familiar with security testing techniques and tools","audience_plain":"C\/C++ developers and testers","contents_plain":"- Cyber security basics\n- Memory management vulnerabilities\n- Memory management hardening\n- Security testing\n- Common software security weaknesses\n- Wrap up","outline_plain":"Cyber security basics\n\n\n- What is security?\n- Threat and risk\n- Cyber security threat types \u2013 the CIA triad\n- Cyber security threat types \u2013 the STRIDE model\n- Consequences of insecure software\nMemory management 
vulnerabilities\n\nAssembly basics and calling conventions\n\n\n- x64 assembly essentials\n- Registers and addressing\n- Most common instructions\n- Calling conventions on x64\n\n- Calling convention \u2013 what it is all about\n- Calling convention on x64\n- The stack frame\n- Stacked function calls\nBuffer overflow\n\n\n- Memory management and security\n- Vulnerabilities in the real world\n- Buffer security issues\n- Buffer overflow on the stack\n\n- Buffer overflow on the stack \u2013 stack smashing\n- Exploitation \u2013 Hijacking the control flow\n- Lab \u2013 Buffer overflow 101, code reuse\n- Exploitation \u2013 Arbitrary code execution\n- Injecting shellcode\n- Lab \u2013 Code injection, exploitation with shellcode\n- Pointer manipulation\n\n- Modification of jump tables\n- Overwriting function pointers\nBest practices and some typical mistakes\n\n\n- Unsafe functions\n- Dealing with unsafe functions\n- Lab \u2013 Fixing buffer overflow\n- What's the problem with asctime()?\n- Lab \u2013 The problem with asctime()\n- Using std::string in C++\n- Unterminated strings\n- readlink() and string termination\n- Manipulating C-style strings in C++\n- Malicious string termination\n- Lab \u2013 String termination confusion\n- String length calculation mistakes\n- Off-by-one errors\n- Allocating nothing\n- Testing for typical mistakes\nMemory management hardening\n\nRuntime protections\n\n\n- Runtime instrumentation\n- Address Space Layout Randomization (ASLR)\n\n- ASLR on various platforms\n- Lab \u2013 Effects of ASLR\n- Circumventing ASLR \u2013 NOP sleds\n- Circumventing ASLR \u2013 memory leakage\n- Non-executable memory areas\n\n- The NX bit\n- Write XOR Execute (W^X)\n- NX on various platforms\n- Lab \u2013 Effects of NX\n- NX circumvention \u2013 Code reuse attacks\n\n- Return-to-libc \/ arc injection\n- Return Oriented Programming (ROP)\n\n- Protection against ROP\nSecurity testing\n\n\n- Security testing vs functional testing\n- Manual and automated 
methods\n- Black box, white box, and hybrid testing\nSecurity testing methodology\n\n\n- Security testing \u2013 goals and methodologies\n- Overview of security testing processes\n- Identifying and rating assets\n\n- Preparation and scoping\n- Identifying assets\n- Identifying the attack surface\n- Assigning security requirements\n- Lab \u2013 Identifying and rating assets\n- Threat modeling\n\n- SDL threat modeling\n- Mapping STRIDE to DFD\n- DFD example\n- Attack trees\n- Attack tree example\n- Lab \u2013 Crafting an attack tree\n- Misuse cases\n- Misuse case examples\n- Risk analysis\n- Lab \u2013 Risk analysis\n- Accomplishing the tests\n- Reporting, recommendations, and review\nCommon software security weaknesses\n\nSecurity features\n\n\n- Authentication\n- Password management\n\n- Inbound password management\n- Storing account passwords\n- Password in transit\n- Lab \u2013 Is just hashing passwords enough?\n- Dictionary attacks and brute forcing\n- Salting\n- Adaptive hash functions for password storage\n- Password policy\n- NIST authenticator requirements for memorized secrets\n\n- Case study \u2013 The Ashley Madison data breach\n- The ultimate crack\n- Exploitation and the lessons learned\n- Password database migration\n- Testing for password management issues\n- Using password cracking tools\n- Lab \u2013 Password audit with John the Ripper\nCommon software security weaknesses\n\nInput validation\n\n\n- Input validation principles\n- What to validate \u2013 the attack surface\n- Where to validate \u2013 defense in depth\n- When to validate \u2013 validation vs transformations\n- Validation with regex\n- Injection\n\n- Injection principles\n- Injection attacks\n- Code injection\n- OS command injection\n- Lab \u2013 Command injection\n- OS command injection best practices\n- Avoiding command injection with the right APIs\n- Lab \u2013 Command injection best practices\n\n- Case study \u2013 Shellshock\n- Lab - Shellshock\n- Testing for command injection\n- 
Integer handling problems\n\n- Representing signed numbers\n- Integer visualization\n- Integer promotion\n- Integer overflow\n- Lab \u2013 Integer overflow\n- Signed \/ unsigned confusion\n- Case study \u2013 The Stockholm Stock Exchange\n- Lab \u2013 Signed \/ unsigned confusion\n- Integer truncation\n- Lab \u2013 Integer truncation\n- Case study \u2013 WannaCry\n- Best practices\n\n- Precondition testing\n- Postcondition testing\n- Best practices in C\n- Best practices in C++\n- Lab \u2013 Integer handling best practices in C++\n- Testing for numeric problems\n- Files and streams\n\n- Path traversal\n- Lab \u2013 Path traversal\n- Path traversal best practices\n- Lab \u2013 Path canonicalization\n- Testing for path traversal\nSecurity testing\n\nSecurity testing techniques and tools\n\n\n- Code analysis\n\n- Static Application Security Testing (SAST)\n- Lab \u2013 Using static analysis tools\n- Dynamic analysis\n\n- Security testing at runtime\n- Penetration testing\n- Stress testing\n- Dynamic Application Security Testing (DAST)\n- Fuzzing\n- Fuzzing techniques\n- Fuzzing \u2013 Observing the process\n- American Fuzzy Lop (AFL)\nWrap up\n\n\n- Secure coding principles\n- Principles of robust programming by Matt Bishop\n- Secure design principles of Saltzer and Schroeder\nAnd now what?\n\n\n- Software security sources and further reading\n- C and C++ resources\n- Security testing resources","summary_plain":"Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? 
Because that's what the bad guys will do \u2013 and the list is far from complete.\n\nTesting for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.\n\nA special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.\n\nSo that you are prepared for the forces of the dark side.\n\nSo that nothing unexpected happens.\n\nNothing.","skill_level":"Intermediate","version":"1","duration":{"unit":"d","value":3,"formatted":"3 Tage"},"pricelist":{"List Price":{"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":2250},"CH":{"country":"CH","currency":"EUR","taxrate":8.1,"price":2250}}},"lastchanged":"2026-01-12T11:28:29+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/json-course-schedule\/30311","source_lang":"de","source":"https:\/\/portal.flane.ch\/swisscom\/json-course\/cydrill-sect-cca"}}