Security for Hackers and Developers: Code Auditing

Did you know that bugs in software costs the economy billions of dollars a year? In this course, you are going to help turn the tide as you learn how to find and fix critical bugs quicker.
Course info
Rating
(20)
Level
Intermediate
Updated
August 30, 2016
Duration
2h 2m
Table of contents
Description
Course info
Rating
(20)
Level
Intermediate
Updated
August 30, 2016
Duration
2h 2m
Description

Bugs in software can be very expensive issues that can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and all about how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language code. First you'll learn about code auditing tools and techniques, as well has why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about the real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

About the author
About the author

Dr. Jared DeMott is the founder of the security company, Vulnerability Discovery & Analysis (VDA) Labs. DeMott is a former NSA security analyst, Microsoft BlueHat Prize winner, and was the CTO and Binary Defense. He's frequently quoted in media, and invited to speak at security events.

More from the author
Security for Hackers and Developers: Fuzzing
Intermediate
2h 9m
14 Dec 2016
Transcript
Transcript

Hi everyone, my name is Dr. DeMott and welcome to my course on Code Auditing. This is the 2nd class in the Application Security for Hackers and developers learning path. I’m the CTO of Binary Defense Systems and Founder of VDA Labs Training. I’m a long time security researcher, vulnerability, malware, and code security expert.I love teaching and mentoring and am happy to bring you another exciting class.

Did you know that bugs in software costs the economy billions of dollars/year? In this course, we are going to turn the tide as I explain how to find and fix critical bugs quicker. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this, and any language code.

We cover topics such as:

  1. A Language review and code auditing tools and techniques
  2. Memory corruption – why it happens and how to prevent it
  3. Newer bug types such as use-after-free, type confusion, and kernel double fetch
  4. Real world vulnerability examples like Heartbleed and critical browser bugs
By the end this course, you’ll know how to audit code with confidence. You’ll know how to spot bugs, understand why they’re important, and architect modern protections. Before beginning the course you should take the first class in series called Security for Hackers and Developers: Overview

After completing this course, you should feel comfortable moving on to upcoming courses on:
  1. Fuzzing
  2. Reverse Engineering
  3. Exploit development
I hope you’ll join me on this journey toward safer code, with the Security for Hackers and Developers: Code Auditing course-- at Pluralsight.