识别C/C++编程中的安全漏洞

Identifying Security Vulnerabilities in C/C++Programming

1315 次查看
加州大学戴维斯分校
Coursera
  • 完成时间大约为 14 个小时
  • 中级
  • 英语
注:本课程由Coursera和Linkshare共同提供,因开课平台的各种因素变化,以上开课日期仅供参考

你将学到什么

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.

Given a fragile C++ library, code a robust version.

Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.

Remediate examples of problems that apply to C/C++ interactions with the programming environment.

课程概况

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

课程大纲

Users, Privileges, and Environment Variables

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

Validation and Verification, Buffer and Numeric Overflows, and Input Injections

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

Files, Subprocesses, and Race Conditions

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

Randomness, Cryptography, and Other Topics

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

千万首歌曲。全无广告干扰。
此外,您还能在所有设备上欣赏您的整个音乐资料库。免费畅听 3 个月,之后每月只需 ¥10.00。
Apple 广告
声明:MOOC中国十分重视知识产权问题,我们发布之课程均源自下列机构,版权均归其所有,本站仅作报道收录并尊重其著作权益。感谢他们对MOOC事业做出的贡献!
  • Coursera
  • edX
  • OpenLearning
  • FutureLearn
  • iversity
  • Udacity
  • NovoEd
  • Canvas
  • Open2Study
  • Google
  • ewant
  • FUN
  • IOC-Athlete-MOOC
  • World-Science-U
  • Codecademy
  • CourseSites
  • opencourseworld
  • ShareCourse
  • gacco
  • MiriadaX
  • JANUX
  • openhpi
  • Stanford-Open-Edx
  • 网易云课堂
  • 中国大学MOOC
  • 学堂在线
  • 顶你学堂
  • 华文慕课
  • 好大学在线CnMooc
  • (部分课程由Coursera、Udemy、Linkshare共同提供)

© 2008-2020 MOOC.CN 慕课改变你,你改变世界