This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
This course is part of the Secure Coding Practices Specialization
About this Course
What you will learn
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems with privilege, trusted environments, input validation, files and sub-processes, resource management, asynchronicity, and randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
Skills you will gain
- Identifying vulnerabilities
- C/C++ Programming
Offered by

University of California, Davis
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
Syllabus - What you will learn from this course
Users, Privileges, and Environment Variables
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
Validation and Verification, Buffer and Numeric Overflows, and Input Injections
In this module, you will be able to break down how the process of checking inputs, known as validation and verification, works. You will be able to avoid buffer and numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
Files, Subprocesses, and Race Conditions
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
Randomness, Cryptography, and Other Topics
In this module, you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment, generate random numbers, and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, and crypto keys, for handling errors in security-sensitive programs, and for defending against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
Reviews
- 5 stars: 74.64%
- 4 stars: 14.08%
- 3 stars: 9.85%
- 1 star: 1.40%
Top reviews from IDENTIFYING SECURITY VULNERABILITIES IN C/C++ PROGRAMMING
I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.
Thoroughly enjoyed the course. Learned a lot. Thank you.
Practical demos could have added more fun to this course.
More code and examples would be good in this code. Example code for discussion would be good for ideal reference.
About the Secure Coding Practices Specialization
This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques. Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organization's information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
