Secure Coding in C
1h 29mIntermediate2025-03-13
Authors

Dan Gookin
Creator, Teacher, and Technology Writer with 20+ years of experience
Course details
This course surveys the C language, which is notorious for having several weaknesses with regards to data typing, bounds checking, and memory management among others. Many of the exploits known regarding C code are reviewed, including weak data typing and overflows. Instructor Dan Gookin explains the vulnerabilities and offers information on how to defensively code around these exploits and vulnerabilities. Other areas covered include undefined behavior, avoiding awkward constructions, validating input, using proper data types, managing strings, memory management, and working with pointers.
Learning objectives
Recognize and defend against known C exploits.
Review the known weaknesses of the C programming language.
Recognize and avoid vulnerabilities when performing common programming tasks.
Write secure and strong C programs.
Learning objectives
Recognize and defend against known C exploits.
Review the known weaknesses of the C programming language.
Recognize and avoid vulnerabilities when performing common programming tasks.
Write secure and strong C programs.
Skills covered
CSoftware Development SecurityCybersecurityProgramming LanguagesOpen SourceSoftware DevelopmentOne-Off
Concepts
0. Introduction
- 01 - Is your code safe
- 02 - Configuration and setup
1. On the Defensive
- 03 - Understanding C's weaknesses
- 04 - What the bad guys look for
- 05 - Hunting exploits
- 06 - Documenting everything
2. Undefined Behaviors
- 07 - Formatting preprocessor directives
- 08 - Using an assignment as a condition
- 09 - Avoiding putchar() in a while loop
- 10 - Using the system() call
- 11 - Accessing elements beyond the array size
- 12 - Converting integers
- 13 - Looping with floating point values
- 14 - Using return values
- 15 - Confirming when EOF has been read
- 16 - Challenge - Fix the code
- 17 - Solution - Fix the code
3. Input Validation
- 18 - Authenticating numeric input
- 19 - Converting strings to numbers
- 20 - Using int values instead of char
- 21 - Reading input with fgets()
- 22 - Filtering string input
- 23 - Challenge - Confirming input
- 24 - Solution - Confirming input
4. String Management
- 25 - Allocating strings
- 26 - Avoiding bad string assignment
- 27 - Working with string literals
- 28 - Minding string functions
- 29 - Storing passwords and codes
- 30 - Clearing data after use
- 31 - Challenge - The secret code
- 32 - Solution - The secret code
5. Issues with Pointers
- 33 - Initializing pointers and buffers
- 34 - Checking for NULL pointers
- 35 - Performing pointer math
- 36 - Freeing pointers
- 37 - Challenge - Enter the combination
- 38 - Solution - Enter the combination
Conclusion
- 39 - Next steps
Related courses
Related learn paths
- Become a Programmer: Foundations
- Building AI Products: Security Essentials Professional Certificate by LinkedIn Learning
- Explore a Career in Application Security
- Explore a Career in Computer Forensics
- Prepare for the ISC2 Information Systems Security Professional (CISSP) Certification Exam (2021)
- Building AI Products: Prototyping Essentials Professional Certificate
- Prepare for the MTA: Software Development Fundamentals Exam (98-361)
- Network Administration: Build Core Skills for Network Management and Security