do not click

Meeting C++ 2021   |  Online   |  Training   |  Survey   |  Advertising   |  Jobposting   |  Login

Meeting C++ Trainings listing

(In)Secure C++, Secure Coding Practices in C++

Patricia Aas

Tags for this training

15.11.2021 for 2 day(s)

Book now

Trainings Details

(In)Security in C++ teaches C++ developers fundamental concepts from Exploit Development, and uses these concepts to demonstrate common vulnerabilities in C++ codebases. This background is used to help the students to view their code from an attacker’s perspective. They develop a sense of what common vulnerable constructs in C++ look like, and also which tools can help them find different types of vulnerabilities in their existing code bases.

Trainings Agenda

Day 1 - Finding Vulnerabilities

The first day is dedicated to learning ways to find vulnerabilities using tooling and fuzzing. We will go through common vulnerable constructs and show which tools can find them and how they can be fixed. We will use fuzzing to find the Heartbleed vulnerability. We round off the day preparing for the next morning by looking at debugging in gdb.

Plan for the day:

  • Meta: Training
  • Theory: Introduction and Specs
  • Mitigations: Tooling
  • Exploitable: UB and Compiler Optimizations
  • Theory: Address Sanitizer
  • Exploit: Heartbleed
  • Theory: Fuzzing (on Linux)
  • Theory: Debugging in gdb

Day 2 - Exploitation

The second day is dedicated to understanding how vulnerabilities can be used in exploitation. We will write shellcode and study traditional stack buffer overflow exploits, and use that to understand the platform mitigations that have been introduced over the years. Finally we will look at sandboxing on Linux with examples from the Chromium codebase.

Plan for the day:

  • Mitigations: Stack Buffer Overflow
  • Exploit: Shellcode 1 (on Linux)
  • Exploit: Shellcode 2 (on Linux)
  • Theory: Reverse Engineering
  • Theory: Linux Sandboxing (Examples from Chromium)
  • Discussion: Conclusion

Get your ticket now

Number of attendees is limited, please get your spot early.

Important: please register attendees with THEIR email, important details are shared by email.

Copyright Meetingcpp GmbH Imprint Piwik Opt out Privacy Policy