Secure Coding in C (2019)
1h 19mAdvanced2019-11-25
Authors

Dan Gookin
Creator, Teacher, and Technology Writer with 20+ years of experience
Course details
C lacks some of the safety valves offered by newer programming languages. But while this midlevel language has its weaknesses, writing safe C code is still possible—it just requires extra vigilance on the part of the developer. In this course, instructor Dan Gookin explains how to identify and code around weaknesses in the C programming language to write more secure programs. Many exploits are known regarding C code; this course reviews each one, explaining the vulnerabilities and how to deal with them. Major areas covered include undefined behavior, avoiding awkward constructions, validating input, managing strings, and working with pointers.
Learning objectives
The weaknesses of the C language
Using an assignment as a condition
Avoiding putchar() in a while loop
Confirming when EOF has been read
Authenticating numeric input
Filtering string input
Avoiding bad string assignment
Storing passwords and codes
Clearing data after use
Issues with pointers
Learning objectives
The weaknesses of the C language
Using an assignment as a condition
Avoiding putchar() in a while loop
Confirming when EOF has been read
Authenticating numeric input
Filtering string input
Avoiding bad string assignment
Storing passwords and codes
Clearing data after use
Issues with pointers
Skills covered
CSoftware Development SecurityCybersecurityProgramming LanguagesOpen SourceSoftware DevelopmentDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Write better secure C code
- 02 - Using the exercise files
- 03 - Compiling the code
1. On the Defensive
- 04 - Understanding the weaknesses of C
- 05 - What the bad guys look for
- 06 - Hunting exploits
- 07 - Documenting everything
2. Undefined Behaviors
- 08 - Formatting preprocessor directives
- 09 - Using an assignment as a condition
- 10 - Avoiding putchar() in a while loop
- 11 - Using the system() call
- 12 - Accessing elements beyond the array size
- 13 - Converting integers
- 14 - Looping with floating point values
- 15 - Using return values
- 16 - Confirming when EOF has been read
- 17 - Challenge - Fix the code
- 18 - Solution - Fix the code
3. Input Validation
- 19 - Authenticating numeric input
- 20 - Converting strings to numbers
- 21 - Using int values instead of char
- 22 - Reading input with fgets()
- 23 - Filtering string input
- 24 - Challenge - Confirming input
- 25 - Solution - Confirming input
4. String Management
- 26 - Allocating strings
- 27 - Avoiding bad string assignment
- 28 - Working with string literals
- 29 - Minding string functions
- 30 - Storing passwords and codes
- 31 - Clearing data after use
- 32 - Challenge - The secret code
- 33 - Solution - The secret code
5. Issues with Pointers
- 34 - Initializing pointers and buffers
- 35 - Checking for NULL pointers
- 36 - Performing pointer math
- 37 - Freeing pointers
- 38 - Challenge - Enter the combination
- 39 - Solution - Enter the combination
Conclusion
- 40 - Next steps
Related courses
Related learn paths
- Become a Programmer: Foundations
- Prepare for the MTA: Software Development Fundamentals Exam (98-361)
- Advancing Your Azure Developer Skills: Exploring Complex Application Development
- Advance your Node.js Skills
- C# Foundations: From Basics to Building Blocks
- Become a Software Developer
- Building AI Products: Security Essentials Professional Certificate by LinkedIn Learning
- Explore a Career in Application Security