Course info
Rating: (39)
Level: Intermediate
Updated: Aug 30, 2016
Duration: 2h 2m

Description

Software bugs can be very expensive, and they often arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high-level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit code in this and any language. First you'll learn about code auditing tools and techniques, as well as why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

About the author

Dr. Jared DeMott is the founder of the security company Vulnerability Discovery & Analysis (VDA) Labs. DeMott is a former NSA security analyst, Microsoft BlueHat Prize winner, and was the CTO of Binary Defense. He's frequently quoted in the media and invited to speak at security events.

More from the author
Security for Hackers and Developers: Fuzzing (Intermediate, 2h 9m, Dec 14, 2016)

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dr. DeMott and welcome to my course on code auditing. This is the second class in the application security for hackers and developers learning path. I'm the CTO of Binary Defense Systems and founder of VDA Labs Training. I'm a long-time security researcher, vulnerability, malware, and code-auditing expert. I love teaching and mentoring, and I'm happy to bring you another exciting class. Did you know that bugs in software cost the economy billions of dollars a year? In this course, we're going to turn the tide as we explain how to find and fix critical bugs quicker. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language. We cover topics such as a language review and code auditing tools and techniques; memory corruption, why it happens, and how to prevent it; newer bug types, such as use-after-free, type confusions, and kernel double fetch; real-world vulnerability examples, like Heartbleed and critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections. Before beginning the course, you should take the first class in the series called Security for Hackers and Developers: Overview. After completing this course, you should feel comfortable moving on to upcoming courses on Fuzzing, Reverse Engineering, and Exploit Development. I hope you'll join me on this journey towards safer code with the Security for Hackers and Developers Code Auditing Course at Pluralsight.

Exploring C++ Program Details Related to Security
Dr. DeMott here, and welcome to module 3, Exploring C++ Program Details as it relates to security. In this module, I'll first give you a demonstration of a little teaser code that I've been talking to you about and show you kind of what the bug is and how that works. Then we'll dive right in to the C++ code. And it's not a simple thing to give a quick overview of a language as complex as C++, so it's going to take a little bit of time, it's going to be a little more slides and text than usual, a little less demos, and we'll do more of the actual bug hunting back and forth in the next module. But we'll start some of that in this module. We'll go through a few bugs as well here. This is the code I've been teasing you with. Have you spotted the bug yet? I'm about to show you where it is. So let's go ahead and do the demo and walk through it and even take a peek in the debugger and figure out some of the details about it.