(In)Security in C++

The course teaches C++ developers fundamental concepts from Exploit Development and Reverse Engineering, and uses these concepts to demonstrate common vulnerabilities in C++ codebases. This background is used to help the students to view their code from an attacker's perspective. They develop a sense of what common vulnerable constructs in C++ look like, and also which tools can help them find different types of vulnerabilities in their existing code bases.

    Attendees can expect to gain

    • A basic understanding of the mindset of an exploit developer. - An understanding of assembly
    • Good grasp of tooling that can be used to find vulnerable constructs
    • Good idea of things to look for in code reviews
    • Good overview of Secure Coding Practices in C++

    Secure Coding Practices

    The Secure Coding Practices taught are largely based on the C++ Core Guidelines, the Common Weakness Enumeration (CWE) and the SEI CERT Coding Standards for C++.

    Prerequisites

    The attendees are assumed to be proficient C++

    Modules

    • Introduction and what specs exist?
    • Undefined Behavior & Compiler Optimizations
    • The anatomy of a Stack Buffer Overflow shellcode (on Linux)
    • Exploration of simple Exploitation Techniques
    • Introduction to Compilers, Static Analysis, Sanitizers and Fuzzers
    • Exploitable Programming Constructs: Memory I
    • Exploitable Programming Constructs: Memory II
    • Exploitable Programming Constructs: Numbers
    • Secure Programming Practices in C++: Prefer C++ to C
    • Secure Programming Practices in C++: Resource Management
    • Secure Programming Practices in C++: Avoid the Pitfalls
    • Secure Programming Practices in C++: Functionality
    • Insecure Coding 101

    Vulnerabilities

    • Stack Buffer Overflow (CWE-121)
    • Heap Buffer Overflow (CWE-122)
    • Buffer Underflow (CWE-124)
    • Use After Free (CWE-416)
    • Double Free (CWE-415)
    • Unsigned Integer Wraparound (CWE-190)
    • Signed Integer Overflow (CWE-190)
    • Numeric Truncation (CWE-197)
    • Incorrect Type Conversion (CWE-704)
    • Uncontrolled Format String (CWE-134)

    Tools and Techniques

    • Exploitation: Stack Overflow Exploit, Return Oriented Programming and Format String Exploit
    • Vulnerability Mitigation: Static Analysis, Warnings, Sanitizers and Fuzzers Platform Mitigation: Stack Canaries, Address Space Layout Randomization (ASLR), Non-executable memory
    Patricia Aas

    Patricia Aas is an international speaker and has spoken at CppCon, ACCU, C++OnSea, NDC Security, NDC Oslo and many other conferences on subjects ranging from Sandboxing in Chromium to Vulnerabilities in C++. She has taught a range of subjects in Computer Science at the University of Oslo.

    Patricia has a masters degree in Computer Science and 13 years professional experience as a programmer, most of that time programming in C++. During that time she has worked in codebases with a high focus on security: two browsers (Opera and Vivaldi) and embedded Cisco telepresence systems.

    NDC Conferences uses cookies to see how you use our website. We also have embeds from YouTube and Vimeo. How do you feel about that?