Secure coding in C and C++ for medical devices

Secure coding in C and C++ for medical devicesSECC-CCPPMDCYCydrillCY-SECC-CCPPMD1<ul> <li>Getting familiar with essential cyber security concepts</li><li>Learning about security specialties of the healthcare sector</li><li>Identify vulnerabilities and their consequences</li><li>Learn the security best practices in C and C++</li><li>Input validation approaches and principles</li></ul><p>General C/C++ development</p><p>C/C++ developers developing medical devices</p><h4>Day 1</h4><ul> <li><strong>Cyber security basics</strong><ul> <li>What is security?</li><li>Threat and risk</li><li>Cyber security threat types – the CIA triad</li><li>Cyber security threat types – the STRIDE model</li><li>Consequences of insecure software</li></ul></li><li><strong>Regulations and standards</strong><ul> <li>Healthcare data protection regulations</li><li>Regulations for medical devices</li></ul></li><li><strong>Cyber security in the healthcare sector</strong><ul> <li>Threats to medical devices</li><li>Attackers and motivation</li><li>The problem of legacy systems</li></ul></li></ul><h4>Memory management vulnerabilities</h4><ul> <li><strong>Assembly basics and calling conventions</strong><ul> <li>x64 assembly essentials</li><li>Registers and addressing</li><li>Most common instructions</li><li>Calling conventions on x64</li></ul></li><li><strong>Buffer overflow</strong><ul> <li>Memory management and security</li><li>Vulnerabilities in the real world</li><li>Buffer security issues</li><li>Buffer overflow on the stack</li></ul></li></ul><h4>Day 2</h4><p> <strong>Memory management vulnerabilities</strong></p> <ul> <li><strong>Best practices and some typical mistakes</strong><ul> <li>Unsafe functions</li><li>Dealing with unsafe functions</li><li>Lab – Fixing buffer overflow</li><li>What's the problem with asctime()?</li><li>Lab – The problem with asctime()</li><li>Using std::string in C++</li></ul></li><li><strong>Some typical mistakes leading to BOF</strong><ul> <li>Unterminated strings</li><li>readlink() and string termination</li><li>Manipulating C-style strings in C++</li><li>Malicious string termination</li><li>Lab – String termination confusion</li><li>String length calculation mistakes</li><li>Off-by-one errors</li><li>Case study – Off-by-one error in VxWorks TCP 'Urgent Data' parsing</li><li>Allocating nothing</li></ul></li></ul><h4>Memory management hardening</h4><ul> <li><strong>Securing the toolchain</strong><ul> <li>Securing the toolchain in C and C++</li><li>Compiler warnings and security</li><li>Using FORTIFY_SOURCE</li><li>Lab – Effects of FORTIFY</li><li>AddressSanitizer (ASan)</li><li>RELRO protection against GOT hijacking</li><li>Heap overflow protection</li><li>Stack smashing protection</li></ul></li><li><strong>Runtime protections</strong><ul> <li>Runtime instrumentation</li><li>Address Space Layout Randomization (ASLR)</li><li>Non-executable memory areas</li></ul></li></ul><h4>Common software security weaknesses</h4><ul> <li><strong>Security features</strong><ul> <li>Authentication</li><li>Authorization</li></ul></li></ul><h4>Day 3</h4><p> <strong>Common software security weaknesses</strong></p> <ul> <li><strong>Security features (continued)</strong><ul> <li>Password management</li></ul></li></ul><p><strong>Common software security weaknesses</strong></p> <ul> <li><strong>Input validation</strong><ul> <li>Input validation principles</li><li>Denylists and allowlists</li><li>Case study – Improper input validation in Natus Xltek NeuroWorks 8</li><li>What to validate – the attack surface</li><li>Where to validate – defense in depth</li><li>When to validate – validation vs transformations</li><li>Output sanitization</li><li>Encoding challenges</li><li>Unicode challenges</li><li>Validation with regex</li><li>Regular expression denial of service (ReDoS)</li><li>Lab – ReDoS in C</li><li>Dealing with ReDoS</li><li>Integer handling problems</li></ul></li></ul><h4>Day 4</h4><p> <strong>Common software security weaknesses</strong></p> <ul> <li><strong>Input validation</strong><ul> <li>Injection</li><li>Process control</li><li>Files and streams</li><li>Format string issues</li></ul></li></ul><p><strong>Time and state</strong></p> <ul> <li>Race conditions</li></ul><p><strong>Errors</strong></p> <ul> <li>Error and exception handling principles</li><li>Error handling</li><li>Exception handling</li></ul><p><strong>Code quality</strong></p> <ul> <li>Code quality and security</li><li>Data handling</li><li>Object oriented programming pitfalls</li></ul><h4>Wrap up</h4><ul> <li>Secure coding principles</li><li>And now what?</li></ul>- Getting familiar with essential cyber security concepts - Learning about security specialties of the healthcare sector - Identify vulnerabilities and their consequences - Learn the security best practices in C and C++ - Input validation approaches and principlesGeneral C/C++ developmentC/C++ developers developing medical devicesDay 1 - Cyber security basics - What is security? - Threat and risk - Cyber security threat types – the CIA triad - Cyber security threat types – the STRIDE model - Consequences of insecure software - Regulations and standards - Healthcare data protection regulations - Regulations for medical devices - Cyber security in the healthcare sector - Threats to medical devices - Attackers and motivation - The problem of legacy systems Memory management vulnerabilities - Assembly basics and calling conventions - x64 assembly essentials - Registers and addressing - Most common instructions - Calling conventions on x64 - Buffer overflow - Memory management and security - Vulnerabilities in the real world - Buffer security issues - Buffer overflow on the stack Day 2 Memory management vulnerabilities - Best practices and some typical mistakes - Unsafe functions - Dealing with unsafe functions - Lab – Fixing buffer overflow - What's the problem with asctime()? - Lab – The problem with asctime() - Using std::string in C++ - Some typical mistakes leading to BOF - Unterminated strings - readlink() and string termination - Manipulating C-style strings in C++ - Malicious string termination - Lab – String termination confusion - String length calculation mistakes - Off-by-one errors - Case study – Off-by-one error in VxWorks TCP 'Urgent Data' parsing - Allocating nothing Memory management hardening - Securing the toolchain - Securing the toolchain in C and C++ - Compiler warnings and security - Using FORTIFY_SOURCE - Lab – Effects of FORTIFY - AddressSanitizer (ASan) - RELRO protection against GOT hijacking - Heap overflow protection - Stack smashing protection - Runtime protections - Runtime instrumentation - Address Space Layout Randomization (ASLR) - Non-executable memory areas Common software security weaknesses - Security features - Authentication - Authorization Day 3 Common software security weaknesses - Security features (continued) - Password management Common software security weaknesses - Input validation - Input validation principles - Denylists and allowlists - Case study – Improper input validation in Natus Xltek NeuroWorks 8 - What to validate – the attack surface - Where to validate – defense in depth - When to validate – validation vs transformations - Output sanitization - Encoding challenges - Unicode challenges - Validation with regex - Regular expression denial of service (ReDoS) - Lab – ReDoS in C - Dealing with ReDoS - Integer handling problems Day 4 Common software security weaknesses - Input validation - Injection - Process control - Files and streams - Format string issues Time and state - Race conditions Errors - Error and exception handling principles - Error handling - Exception handling Code quality - Code quality and security - Data handling - Object oriented programming pitfalls Wrap up - Secure coding principles - And now what?4 Tage3000.003300.00