SkillSoft Explore Course – Lambers, Inc.

IT Skills Software Design and Development C++ Defensive Programming in C/C++

Defensive programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user inputs or actions. In this course, you will explore common risks to C/C++, how to defend against common attacks, the best way to deal with user input, and finally, you'll explore some best practices for creating defendable code.

Asset ID	sd_dpcc_a02_it_enus
Course Type	Video Course
Course Category	Software Design and Development

Objectives
Risks in C/C++ Applications start the course list potential risks to C/C++ UI applications describe what buffer overflows are and their impact identify how to prevent buffer overflows Defending Against Attacks describe what code injection attacks are describe how to mitigate injection attacks in C/C++ applications identify how to prevent format string vulnerabilities in C/C++ applications recognize how to prevent Dynamic Link Library or DLL hijacking in C/C++ applications use exceptions in C/C++ applications Working with User Input specify how to deal with bad data in your C/C++ applications how to use regular expressions to help in input validation recognize how to constrain user input to prevent bad data input Defending Code in C/C++ recognize how to properly interface with data in C/C++ demonstrate some common data validation techniques employed to create secure C/C++ applications identify why casting in the C++ style is preferred to the C style C/C++ Best Practices for Defensive Coding recognize how to properly use operator overloading in C/C++ identify the correct way to access internal class data describe why for loops are preferred to while loops recognize how to keep functions focused and concise identify the best way to use references and pointers and why you should avoid raw pointers describe the top secure coding practices for C/C++ recognize the importance of good readability for planning and maintaining code Practice: Securing a C/C++ Application use defensive coding techniques to create a secure C/C++ application

Objectives

Risks in C/C++ Applications

start the course
list potential risks to C/C++ UI applications
describe what buffer overflows are and their impact
identify how to prevent buffer overflows

Defending Against Attacks

describe what code injection attacks are
describe how to mitigate injection attacks in C/C++ applications
identify how to prevent format string vulnerabilities in C/C++ applications
recognize how to prevent Dynamic Link Library or DLL hijacking in C/C++ applications
use exceptions in C/C++ applications

Working with User Input

specify how to deal with bad data in your C/C++ applications
how to use regular expressions to help in input validation
recognize how to constrain user input to prevent bad data input

Defending Code in C/C++

recognize how to properly interface with data in C/C++
demonstrate some common data validation techniques employed to create secure C/C++ applications
identify why casting in the C++ style is preferred to the C style

C/C++ Best Practices for Defensive Coding

recognize how to properly use operator overloading in C/C++
identify the correct way to access internal class data
describe why for loops are preferred to while loops
recognize how to keep functions focused and concise
identify the best way to use references and pointers and why you should avoid raw pointers
describe the top secure coding practices for C/C++
recognize the importance of good readability for planning and maintaining code

Practice: Securing a C/C++ Application

use defensive coding techniques to create a secure C/C++ application