Combined C/C++, Java and Web Application Security

Combined C/C++, Java and Web Application Security Course Description

Duration: 4.00 days (32 hours)

Price: $1,999.00

To best serve heterogeneous development groups that use several platforms side by side in their everyday work, we have merged several topics into a combined course that presents diverse secure coding subjects in a didactic manner at a single training event. This course combines C/C++ and Java platform security to provide extensive, cross-platform secure coding expertise.

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Intended Audience for this Combined C/C++, Java and Web Application Security Course

  • This course is designed to fit the needs of C/C++ developers, software architects and testers developing products that make extensive use of native code.

Course Prerequisites for Combined C/C++, Java and Web Application Security

Combined C/C++, Java and Web Application Security Course Objectives

  • Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises on the attack methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrence of these dangerous bugs, detect them before market launch or prevent their exploitation.
  • Security components and services of Java are discussed by presenting the different APIs and tools through a number of practical exercises in which participants gain hands-on experience in using them. The course also covers security issues of Web services and the related Java services that can be applied to prevent the most pressing threats to Internet-based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems but also demonstrate the attack methods along with the recommended mitigation and coding techniques needed to avoid the associated security problems.

Combined C/C++, Java and Web Application Security Course Outline

      1. IT security and secure coding:
      2. General security vs. IT security
      3. IT security related terms
      4. Definition of risk
      5. Specialty of information technology security
      6. Different aspects of IT security
      7. Requirements of different application areas
      8. IT security vs. secure coding
      9. Building a secure system
      10. From vulnerabilities to botnets and cyber crime
        1. Nature of security flaws
        2. Reasons of difficulty
        3. From your computer to attacks against critical targets
        4. Cyber-crime - an organized network of criminals
      11. Classification of security flaws
        1. Landwehr's taxonomy
        2. The Fortify taxonomy
        3. Vulnerability categories - Seven Pernicious Kingdoms
        4. OWASP Top Ten (2013 release candidate)
      12. Security relevant C/C++ programming bugs and flaws:
      13. Common security vulnerabilities
        1. Programming bugs
        2. Exploitable security flaws
      14. Combined C/C++, Java and Web application security:
      15. Protection principles
        1. Protection methods
        2. Specific protection methods
        3. Protection methods at different layers
        4. The PreDeCo matrix
      16. x86 machine code, memory layout, stack operations
        1. Intel 80x86 Processors - main registers
        2. Intel 80x86 Processors - most important instructions
        3. Intel 80x86 Processors - control instructions
        4. Intel 80x86 Processors - stack handling instructions
        5. The memory address layout
        6. The stack
        7. The function calling mechanism in C/C++ on x86
        8. Calling conventions
        9. The local variables and the stack frame
        10. The stack frame during a function call
        11. Stack frame of nested calls
        12. Function calls - prologue and epilogue of a function
        13. Buffer overflow
      17. Stack overflow
        1. Buffer overflow on the stack
        2. Overwriting the return address
        3. Localizing the position of the return address
        4. Exercise BOFIntro
        5. Exercise BOFShellcode
      18. Protection against stack overflow
        1. Stack overflow - Prevention (during development)
        2. Stack overflow - Detection (during execution)
        3. Buffer Security Check / stack smashing protection (/GS)
        4. Exercise BOFCookie - Using Buffer Security Check
        5. Using Buffer Security Check (/GS)
        6. Effects of Buffer Security Check in the code
        7. The security_check_cookie() function
        8. Bypassing stack smashing protection - Overwriting arguments
        9. Exercise BOFCookie - Circumventing /GS by using Write What Where
        10. Overwriting arguments - Mitigation
        11. Stack overflow - Anti-exploit techniques
      19. Address Space Layout Randomization (ASLR)
        1. Stack randomization with ASLR
        2. Address Space Layout Randomization (ASLR)
        3. Software ASLR
        4. Bypassing ASLR on the stack: NOP sled
      20. Data Execution Prevention
        1. Virtual Memory Management related protection
        2. Virtual Memory Management - Access Control
        3. Data Execution Prevention (DEP)
        4. Using Data Execution Prevention
        5. Exercise DEP
      21. Day 2
      22. Return-to-libc attack - circumventing DEP
        1. Arc injection / Return-to-libc attack
        2. Exercise Return-to-libc
        3. Multiple function calls with return-to-libc
      23. Heap overflow
        1. Memory allocation managed by a doubly-linked list
        2. Buffer overflow on the heap
        3. Steps of freeing and joining memory blocks
        4. Freeing allocated memory blocks
      24. Protection against heap overflow
        1. Heap overflow - Prevention (during development)
        2. Heap overflow - Detection (during execution)
        3. Heap overflow - Anti-exploit techniques
        4. Mixing delete and delete[]
      25. Integer problems in C/C++
      26. Representation of negative integers
      27. Integer representation by using the two's complement
      28. Integer ranges
      29. The integer promotion rule in C/C++
      30. Arithmetic overflow - spot the bug!
      31. Exercise IntOverflow
      32. So why ABS(INT_MIN)==INT_MIN?
      33. Signedness bug - spot the bug!
      34. Consequences of signed/unsigned integer promotion
      35. Widthness integer overflow - spot the bug!
      36. Exercise GDI
      37. Exercise Board
      38. Integer problem mitigation
        1. Avoiding arithmetic overflow - addition
        2. Avoiding arithmetic overflow - multiplication
        3. The SafeInt class
        4. Other C compatible libraries
      39. Printf format string bug
      40. Printf format strings; Printf format string bug - exploitation
      41. Exercise Printf - the printf format string bug
      42. Printf format string exploit - overwriting the return address
      43. Exercise PrintfExploit - exploiting the printf format string bug
      44. Mitigation of printf format string problem
        1. Printf format string bug - Prevention (during development)
        2. Printf format string bug - Detection (during execution)
        3. Printf format string bug - Anti-exploit techniques
      45. Other common security vulnerabilities
      46. Array indexing - spot the bug!
      47. Unicode bug
      48. Other security flaws
      49. Miscellaneous flaws
        1. An example information leakage
        2. Serialization errors (TOCTTOU)
        3. Temporary files / a C++ TOCTOU vulnerability
        4. Risks using signaling mechanisms
      50. File I/O risks
        1. Directory Traversal Vulnerability
        2. Symbolic Link Vulnerability
      51. RSA timing attack
        1. Introduction to RSA algorithm
        2. Implementation of encoding/decoding in RSA
        3. Fast exponentiation
        4. Differences in execution times
        5. RSA timing attack
        6. Measurements
        7. RSA timing attack - principles
        8. Correlation of total and partial execution times
        9. RSA timing attack - in practice
        10. The RSA timing attack algorithm
        11. Practical exploitation using the RSA timing attack
        12. Attacking SSL servers
      52. Mitigation of side channel attacks
        1. Blind signature
      53. Advice and principles
      54. Matt Bishop's principles of robust programming
      55. The security principles of Saltzer and Schroeder
      56. Knowledge sources
      57. Secure coding sources - a starter kit
      58. Vulnerability databases; Recommended books - C/C++
      59. Summary and takeaways
      60. Day 3
      61. Java security overview
      62. Java platform security overview; Java security in brief
      63. Java applet security
      64. Java Web Start security
      65. Java ME security architecture
      66. Java Card security architecture
      67. Foundations of Java security
      68. The Java environment
      69. Java security
      70. Low-level security - the Java language
        1. Java language security
        2. Access modifiers
        3. Type safety
        4. Automatic memory management
        5. Java execution overview
        6. Bytecode Verifier
        7. Class Loader
        8. Protecting Java code
      71. High-level

Do you have the right background for Combined C/C++, Java and Web Application Security?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Award winning, world-class Instructors

Hisham S.
- Masters Degree in Computer Science and several academic projects published over the years.
- Over 20 years of experience as a professor in local and foreign universities, and as a trainer focusing on Web Development.
- In-depth knowledge of programming, including MySQL, PHP, and AJAX.

Bio:

Hisham holds a Masters Degree in Computer Science, in addition to having more than 20 years of experience as a professor and a trainer. His proven expertise in MySQL, PHP, and AJAX, backed by positions as a Professor in the Department of Computer Science at Minia University, Egypt, and in the Department of Computer Science at City University of New York, is beyond comparison.

As a NetCom Learning instructor, Hisham stays up to date with the latest news in Advanced Website Development. He shares his knowledge and experience in a very focused and clear way, which students find very enticing.

Paul B.
- Microsoft Office Specialist with over 14 years of training experience.
- Expert in the IT industry, working in the IT field since 1986.
- Highly rated instructor with an all-time average evaluation score of 8.7 out of 9.

Bio:

Paul is a Subject Matter Expert specializing in the Microsoft Office Suite and SharePoint end-user technologies with more than 25 years of practical experience in the IT industry. He is also a Microsoft Certified Trainer (MCT) with over 14 years of training experience.

A sought-after instructor and eternal favorite among students, his instructor feedback scores are among the industry's highest at 8.7 out of 9.0. As a trainer, his knowledge and passion for the subject matter as well as his personable nature, excellent communication skills and sense of humor are implicit in every class. NetCom Learning is proud to have Paul on our roster of IT geniuses.

Sam P.
- Team leader for the first undergraduate team to win the Duke Startup Challenge.
- Over 15 years of experience in the IT industry.
- NetCom Learning Instructor of the Year 2011.

Bio:

Sam Polsky has spent his entire career in entrepreneurial pursuits, including such fields as biotechnology, software development, data management, and business process management. He began in entrepreneurship as team leader for the first undergraduate team to win the Duke Startup Challenge, a business development competition geared towards Duke University's various graduate schools.

Sam Polsky has since co-founded a consulting firm where he has been involved in software architecture, development and implementation. On top of that, Sam has been delivering acclaimed solutions in software architecture, development and implementation for over 15 years. He is a much-admired Subject Matter Expert and Trainer at NetCom Learning and was voted NetCom Learning Instructor of the Year 2011.

Jose P.
Jose Marcial Portilla has a BS and MS in Mechanical Engineering from Santa Clara University. He has a great skill set in analyzing data, specifically using Python and a variety of modules and libraries. He hopes to use his experience in teaching and data science to help other people learn the power of the Python programming language and its ability to analyze data, as well as present the data in clear and beautiful visualizations. He is the creator of some of the most popular Python Udemy courses, including "Learning Python for Data Analysis and Visualization" and "The Complete Python Bootcamp". With almost 30,000 enrollments, Jose has been able to teach Python and its Data Science libraries to thousands of students. Jose is also a published author, having recently written "NumPy Succinctly" for Syncfusion's series of e-books.

Recent Client Testimonials & Reviews

Excellent presentations, very comprehensive, excellent examples presented and discussed.

- Jose A.
Course(s) Taken

» AngularJS Training: Comprehensive AngularJS Training

Instructor was awesome. I have been in other online training sessions and Brian actually knew what he was talking about, which was great.

- Chris A.
Course(s) Taken

» Website Development Professional Combo

Brian was very knowledgeable on the subjects and took the time to ensure the group kept up with the material.

- Edwing P.
Course(s) Taken

» Website Development Professional Combo