Modern C++ Secure Coding Practices: Const Correctness

This course will show you attacks hackers use against C++ programs and teach you how const correctness can prevent many of the bugs these attacks leverage.
Course info
Level
Intermediate
Updated
Jul 10, 2018
Duration
42m
Table of contents
Course Overview
What Is Const Correctness?
Bug Class: Memory Corruption via Pointer Mutation
Bug Class: Control Flow Hijacking via Accidental Assignment
Const Correctness as a Best Practice
Description
Course info
Level
Intermediate
Updated
Jul 10, 2018
Duration
42m
Description

Attackers often utilize small and otherwise unnoticed coding mistakes to hack applications. In this course, Modern C++ Secure Coding Practices: Const Correctness, you'll learn how these attacks take place and how you can prevent them from using const correctness. First, you'll take a look at how to properly handle pointers. Next, you'll discover how you can avoid accidentally assigning to variables. Finally, you'll explore strategies which can aid you in being const correct. When you're finished with this course, you'll have a foundational knowledge of const correctness that will help you move forward and write more secure and future-proof code.

About the author
About the author

Nick Cano is a published technical author, a Senior Security Architect at Cylance, and a life-long hacker. Nick specializes in software security, which requires daily use of his strong background in software development and reverse engineering.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey guys, my name is Nick Cano, and I'd like to welcome you to my Pluralsight course, Modern C++ Secure Coding Practices: Const Correctness. Const correctness is a way of writing code, which can prevent common mistakes that may lead to memory corruption, unintended branching, undefined behavior, and in the worst case, exploitable security holes. This course will focus on the security, visiting multiple different attacks against various common bugs. We'll explore how these attacks work, why they're possible, and how applying const correctness can enable your compiler to be an integral part of prevention. In addition, we'll talk about strategies you can use to compliment your const correct code, and enable you to really knock security by design out of the park. Before starting this course, I recommend you to be comfortable in C++. This means having a good grasp of the syntax, a familiarity with pointers, an understanding of logical constructs, and a reasonable grasp of data types and data structures. You bring this, my course will bring the rest, and you'll be on your way to writing clean, more secure, and more future-proof C++ code. I'm looking forward to it.

Bug Class: Memory Corruption via Pointer Mutation
Hi guys, and welcome back. In this module, we're going to talk about Incorrect Pointer Access, and show how accessing a pointer in a way that was not intended can lead to serious vulnerabilities that can lead to your applications being attacked. Then we'll show how const correctness can prevent these mistakes from happening at the compiler level to begin with. We'll start by looking at how a control flow hijack can be carried out against code which accidentally modifies a pointer, rather than the data pointed to by that pointer. After that, we'll move on and look at how a memory corruption attack can be carried out when we actually modify a value pointed to by a pointer, rather than the pointer itself. Both of these attacks can be devastating, the first allowing us to execute code branches, which normally wouldn't have been executed, and the second allowing us to corrupt memory in a way that causes the program to give us something that it normally wouldn't give us. After that, we'll just look at the takeaways, kind of put everything in context, and talk about what we've learned. Now I'm really, really excited, because we're going to get to jump into some code and some live demos, so let's get started.

Bug Class: Control Flow Hijacking via Accidental Assignment
Hey everyone, welcome back. In this module, we're going to talk about how easy it is for accidental assignment books to creep into your code base, and how attackers can leverage those bugs to attack your code. We're just going to start by looking at the bug class itself, and showing how control flow hijack attacks might happen with an accidental assignment bug with a demonstration. After that, we'll go over how we can fix that bug, and then we'll talk about strategies that we can use to prevent those bugs from happening. So strap in, and let's get to it.