This module is an introduction to the security pitfalls of common programming languages. It aims to demonstrate how to spot and avoid security-relevant programming flaws.
The students know common causes of security-relevant programming flaws and know how to avoid them. Using a commonly used programming language as the example, they have recognized the importance of ISO standards, as well as the subtle and drastic issues that arise when the programmer leaves the realm of the behaviour defined in the standard.
The graduates cooperate in a team-based manner during the course and define and research a question related to secure coding, presenting their work to their peers in the course.
- Introduction: Damages caused by software flaws, hacked computers, vehicles, industrial plants and the difference between errors and malicious manipulation
- Philosophy of efficient compiled languages
- Typical issues with compiled languages
- Successful attacks from the past
- How to guard against typical issues using coding standards
- Tools supporting secure coding
Examination: Written Exam
according to examination regulations (§ 9)
- Steve Maguire: Writing Solid Code
- Robert C. Seacord: Secure Coding in C and C++
- ISO/IEC 9899:1999: Programming languages – C
- Robert C. Seacord: The CERT C Coding Standard
- Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda: The CERT Oracle Secure Coding Standard for Java