Security testing C and C++ applications (SECT-CCA) – Contents
Detailed Course Contents
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Cyber security threat types – the STRIDE model
- Consequences of insecure software
- Memory management vulnerabilities
- Assembly basics and calling conventions
- Buffer overflow
- Best practices and some typical mistakes
Day 2
- Memory management hardening
- Runtime protections
- Security testing
- Security testing methodology
- Common software security weaknesses
- Security features
- Authentication
- Password management
Day 3
- Common software security weaknesses
- Input validation
- Input validation principles
- What to validate – the attack surface
- Where to validate – defense in depth
- When to validate – validation vs transformations
- Validation with regex
- Injection
- Integer handling problems
- Files and streams
- Security testing
- Security testing techniques and tools
- Code analysis
- Dynamic analysis
- Wrap up
- Secure coding principles
- And now what?