Security for Hackers and Developers: Code Auditing
Did you know that bugs in software cost the economy billions of dollars a year? In this course, you are going to help turn the tide as you learn how to find and fix critical bugs more quickly.
What you'll learn
Bugs in software can be very expensive issues that arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high-level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit code in this and any other language. First you'll learn about code auditing tools and techniques, as well as why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.
Table of contents
- Find Security Flaws: Overflows, Off-by-one, Command Injection, Design, ASCII/Wide, and More 13m
- Review Memory Allocations Closely and Introducing Heartbleed 7m
- Explore the Heartbleed Vulnerability with the SCI Understand Code Auditing Tool 6m
- Heartbleed: Post-mortem Analysis 5m
- Kernel and Compiler Bugs, Homework, and Summary 6m
- Introduce Specific C++ Problems, and How to Audit 3m
- Class Auditing Demo 4m
- Introduce the Newer Bugs in Modern C++ Apps, Why They Exist, and How an Exploit Could Work 5m
- Deeper Look at Use-after-free 9m
- New in-app Protections: Isolated Heap and Deferred Free 3m
- Deeper Look at Type Confusion and Module Summary 6m