Secure Coding in C

Learn how to identify and code around weaknesses in the C programming language to write more secure programs.

Introduction

• Write better secure C code
• Using the exercise files
• Compiling the code

1. On the Defensive

• Understanding the weaknesses of C
• What the bad guys look for
• Hunting exploits
• Documenting everything

2. Undefined Behaviors

• Formatting preprocessor directives
• Using an assignment as a condition
• Avoiding putchar() in a while loop
• Using the system() call
• Accessing elements beyond the array size
• Converting integers
• Looping with floating point values
• Using return values
• Confirming when EOF has been read
• Challenge: Fix the code
• Solution: Fix the code

3. Input Validation

• Authenticating numeric input
• Converting strings to numbers
• Using int values instead of char
• Reading input with fgets()
• Filtering string input
• Challenge: Confirming input
• Solution: Confirming input

4. String Management

• Allocating strings
• Avoiding bad string assignment
• Working with string literals
• Minding string functions
• Storing passwords and codes
• Clearing data after use
• Challenge: The secret code
• Solution: The secret code

5. Issues with Pointers

• Initializing pointers and buffers
• Checking for NULL pointers
• Performing pointer math
• Freeing pointers
• Challenge: Enter the combination
• Solution: Enter the combination

Conclusion

• Next steps