Secure Coding in C | Nullcon Berlin 2022

Trainer Name: Robert Seacord

Title: Secure Coding in C

Dates: April 5, 2022 To April 7, 2022

Time: 9 a.m. To 5:30 p.m. CEST

Venue: NH Hotel, Alexanderplatz, Berlin-Germany

Note: Regarding COVID-19 safety, Nullcon will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Nullcon will follow all applicable health regulations required by the local and government authorities.

Training Objective

Participants should come away from this course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants will learn how to

  • improve the overall security of any C application
  • thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • understand undefined behavior and how optimizations can introduce vulnerabilities

Moreover, this course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.

Training level: Intermediate

Training Outline

Day 1: Strings

  • Introduction
    • Standards
    • Conformance
    • Behaviors
    • Errors
  • Common errors using strings
    • improperly bounded string copies
    • null-termination errors
    • truncation
    • write outside array bounds
    • off-by-one errors
    • improper data sanitization
  • String Vulnerabilities
    • Program Stack
    • Buffer Overflow
    • Code Injection
    • Arc Injection
  • Exercise: Identify String Problems
  • Mitigation Strategies
    • Prevention Strategies
    • Detection Strategies
  • Summary

Day 2: Integers

  • Integer Types
    • Integer Data Types
      • Unsigned integer types
      • Wraparound
      • Signed integer types
      • Signed integer ranges
      • Overflow
      • Character types
      • Other integer types
    • Integer Conversions
      • Integer conversion rank
      • Integer promotions
      • Usual arithmetic conversions
      • Conversions to unsigned integer types
      • Conversion implications
    • Integer Operations
      • Addition
      • Multiplication
      • Division/remainder
      • Right shift
    • Exercise: Reviewing Code for Integer Defects
    • Integer Vulnerabilities
      • Wrap around
      • Conversion error
      • Truncation
      • Non-exceptional
    • Mitigation Strategies
      • Integer type selection
      • Safe integer operations
      • Compiler Strategies
      • Testing and reviews
    • Summary
  • Dangerous Optimizations
    • Compiler Optimizations
    • Constant Folding
    • Adding a Pointer and an Integer
    • Integer Overflow
    • GCC Options
    • Volatile
    • Strict Aliasing
    • Optimization Suggestions
    • Null pointer
    • Uninitialized Reads
    • C11 Analyzability Annex
    • Summary and Recommendations

Day 3: Dynamic Memory Management

  • Dynamic Memory Management
  • Common Dynamic Memory Management Errors
  • Doug Lea’s Memory Allocator
  • Buffer Overflows (Redux)
  • Double-Free
  • Mitigation Strategies
  • Summary
  • Exercise: Finding Memory Problems

What to Bring

Students must bring a personal computer equipped with the following:

  • 100MB or greater of free hard disk space
  • USB port
  • Adobe Reader
  • A Zip decompression utility, such as WinZip or 7-zip

Students should also bring their own C and C++ programming language development environments (compiler, editor, etc. ), such as Microsoft Visual Studio, Xcode, GCC, or Clang.

Training Prerequisites

The course assumes basic C and C++ programming skills but does not assume an in-depth knowledge of software security. The ideas presented apply to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture. Material in this presentation was derived from the Addison-Wesley books Secure Coding in C and C++ and The CERT C Secure Coding Standard. It is recommended that participants have a basic to intermediate understanding of the C and C++ programming languages. Software security knowledge or experience is not required.

Who Should Attend?

This training is meant for C programmers with some existing knowledge of the language, and security analysts interested in performing secure code audits.

What to expect?

Students will develop a new, deeper understanding of C programming and all the myriad things that can go wrong.

What attendee will get

Attendees will receive pdf copies of the presentation material, reference material, and course exercises prior to the start of the training.

About the Trainer

Robert C. Seacord is a Technical Director with the NCC Group where he works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed.

Previously, Robert led the secure coding initiative in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). Robert was also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University.

Robert is the author of seven books, including Effective C (No Starch, 2021), The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014) Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). Robert is on the Advisory Board for the Linux Foundation and an expert on the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.