CL-CPA

New C and C++ Secure Coding ARM

Length of training
  • 3 day (3×8 Lessons)
  • daily 9:00 - 17:00
Available languages
  • Hungarian
Training price

721 600 Ft
+ VAT/person
Would you like a custom-made solution or group training on this topic?

Description

Writing C/C++ code can be a minefield, for reasons ranging from memory management and legacy code to tight deadlines and maintainability. Beyond all of this, however, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that allow hackers to attack your system and, more importantly, the best practices you can employ to protect yourself. We provide a holistic view of C/C++ programming flaws and their countermeasures from the machine code level to virtual functions and operating system memory management. The entire course is presented through live hands-on exercises to make it exciting and fun.

Writing secure code can give you a distinct advantage over your competitors. It is your choice whether you want to stay ahead of the field: take one step ahead and become a major player in the fight against cybercrime.

Outline

  • From IT security to secure programming: what are the risks? IT security vs. secure coding, from vulnerabilities to botnets and cybercrime, the nature of security flaws, from infected computers to targeted attacks, classification of security flaws, Landwehr's taxonomy, the Seven Pernicious Kingdoms.
  • ARM machine code, memory allocation and stack operations: ARM processors (main registers, key instructions, flags and conditionals, control instructions, stack handling instructions), understanding complex ARM instructions, the function call mechanism in ARM, local variables and stack frame, function calls - prologue and epilogue of a function, stack frame in nested calls, stack frame in recursive functions.
  • Buffer overflow, stack overflow: buffer overflow on the stack, overwriting the return address. Stack overflow protection: advanced protection methods, protection methods at different layers, software security protection matrix, stack overflow prevention (during development) and detection (during execution), the Fortify compiler option (FORTIFY_SOURCE). Stack smashing protection: variants, protection in GCC, effects (prologue, epilogue), workarounds, overwriting algorithms - mitigation. Address Space Layout Randomization (ASLR): randomization, practical weaknesses and limitations, circumvention (NOP sledding). Non-executable memory areas - the NX bit: access control to memory segments, the No-eXecute (NX) bit (eXecute Never, XN, in ARM terminology). Return-oriented programming (ROP): bypassing memory execution protection, return-to-libc attack on ARM, ROP gadgets (filling registers with constants, memory write), combining ROP gadgets, real ROP attack scenarios, mitigating the effects of ROP, mitigation techniques against ROP attacks.
  • Heap overflow: memory allocation with doubly linked lists, buffer overflow on the heap, freeing and merging free space, freeing allocated memory blocks. Case study - Heartbleed: the TLS Heartbeat extension, Heartbleed - information leakage in OpenSSL, the fix in OpenSSL 1.0.1g. Protection against heap overflow.
  • Practical cryptography: cryptosystems; symmetric key cryptography (ensuring confidentiality, encryption algorithms, modes of operation, symmetric encryption with OpenSSL - encryption and decryption); other cryptographic algorithms (hash or message digest, hash algorithms, SHAttered, hashing with OpenSSL, message authentication code (MAC), integrity and authenticity assurance with symmetric keys, random number generation - random numbers and cryptography, cryptographically strong PRNGs, weak PRNGs in C and C++, stronger PRNGs in C, random number generation with OpenSSL, hardware-based TRNGs); asymmetric (public-key) cryptography (ensuring confidentiality, rule of thumb - private key ownership, the RSA algorithm - implementation, encryption, combining symmetric and asymmetric algorithms, digital signature, OpenSSL - asymmetric encryption, digital signature); Public Key Infrastructure (PKI): man-in-the-middle (MitM) attack, digital certificates against MitM attacks, certificate authorities in public key infrastructure, X.509 digital certificates.
  • XML security: injection, protection with sanitization and XML validation, XML parsing in C++, XML entity abuse (introduction to XML entities, XML bomb, XML External Entity (XXE) attack - inclusion of external resources, XXE attack, preventing entity attacks), case study - XXE in Google toolkit.
  • Denial of Service: DoS introduction, asymmetric DoS, Regular Expression DoS (ReDoS) (exercise, case study - ReDoS on Stack Exchange), hashtable collision attack (using hashtables to store data, hashtable collisions).
  • Common coding mistakes and vulnerabilities: improper error and exception handling, typical problems with error and exception handling, empty catch block, overly verbose catch block, ErrorHandling.
  • Code quality problems: threats from poor code quality, unreleased resources, type mismatch, memory allocation problems (smart pointers, zero-length allocation, double free, mixing delete and delete[]), use after free (class example, spotting the error, use after free - dangling pointer), case study - WannaCry.
  • Input validation: terms and concepts; problems with integers (representation of negative integers, integer ranges, integer overflow, problems with integers in C/C++, integer promotion rules in C/C++, arithmetic overflow, IntOverflow, what is the value of abs(INT_MIN)?, signedness error, integer truncation, integer problems, case study - Android Stagefright); printf format string bug (strings, the bug - exploitation); some other input validation problems (array indexing, off-by-one and other null termination errors, Unicode errors); path traversal vulnerability (path traversal - weak protection and best practices); log forgery.
  • Inappropriate use of security features: typical problems, password management (weaknesses of hashed passwords, password management and storage, special purpose hash algorithms for password storage, Argon2 and PBKDF2 implementations in C/C++, bcrypt and scrypt implementations in C/C++, case study - Ashley Madison data breach, typical errors in password management, hard coded passwords).
  • Sensitive information in memory: protecting secrets, minimizing attack surface, secrets vs dynamic memory, zeroisation, zeroisation vs optimisation, copies of sensitive data on disk, core dumping, disabling core dumping, swapping, memory locking - preventing swapping, problems with page locking, best practices.
  • Time and state problems: serialization errors, TOCTTOU, best practices against TOCTTOU.
  • Advice …

Prerequisites

  • Programming skills and at least two years of experience in a C or C++ environment. Basic knowledge of the x86 architecture and assembly language, and basic practical knowledge of cryptographic concepts and methods, are recommended. As the course material is in English, a basic level of English at document-reading level is required. The lecture will be given in English.