Deep C and Secure Coding - a course for experienced C and C++ programmers

"Like a crash course for those who would not mind having long beard, sandals and 30 years of experience with C programming."

Programming is hard. Writing correct C (and C++) is particularly hard. Even mature codebases written by dedicated professionals usually contain lots of bugs and security vulnerabilities. Many of these issues could have been avoided if the programmers had an even better understanding of the limitations and potential of the C programming language.

This course is aimed at experienced C and C++ programmers who would like to further deepen their understanding and knowledge of the C programming language. Throughout the course we will refer to what the C standard says and try to understand what modern compilers are allowed to do, and often will do, when optimizing and/or porting code to different architectures.

We will discuss gotchas introduced by the preprocessor, details of how expressions are evaluated, proper declaration and initialization of objects, the memory model, object lifetimes, input/output, type conversions, how to think correctly about strings, arrays and pointers, and much more. We will also discuss and demonstrate typical security vulnerabilities and exploits, and we will learn about mitigation techniques and available security defence mechanisms.

In addition to lectures there will be several exercises where the focus will be on techniques and best practices for writing solid code.

Topics covered in this course:

  • Sequencing and sequence points
  • Unspecified and undefined behavior
  • The different C standards (K&R, ANSI C, C99, C11)
  • History and spirit of C
  • Portability and optimization issues
  • Working with pointers, arrays and structures
  • Preprocessing, translation, linking and execution
  • Modern development techniques and design issues
  • The memory model
  • Some similarities and differences between C and C++
  • Security vulnerabilities, exploits and mitigation strategies

Some motivation for this course can be found here:

Prerequisite:

This course is aimed at professional programmers who already have some years of C and/or C++ experience. The more experience you have, the more you will probably enjoy this course. Programmers with solid experience from other programming languages might also enjoy this course given some extra preparation upfront.

All participants should bring their own development environment with a modern C compiler.

There will be homework between day 1 and day 2.

Time

09:00 - 17:00