Detailed Course Outline
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Cyber security threat types – the STRIDE model
- Consequences of insecure software
- Regulations and standards
- Healthcare data protection regulations
- Regulations for medical devices
- Cyber security in the healthcare sector
- Threats to medical devices
- Attackers and motivation
- The problem of legacy systems
Memory management vulnerabilities
- Assembly basics and calling conventions
- x64 assembly essentials
- Registers and addressing
- Most common instructions
- Calling conventions on x64
- Buffer overflow
- Memory management and security
- Vulnerabilities in the real world
- Buffer security issues
- Buffer overflow on the stack
Day 2
Memory management vulnerabilities
- Best practices and some typical mistakes
- Unsafe functions
- Dealing with unsafe functions
- Lab – Fixing buffer overflow
- What's the problem with asctime()?
- Lab – The problem with asctime()
- Using std::string in C++
- Some typical mistakes leading to BOF
- Unterminated strings
- readlink() and string termination
- Manipulating C-style strings in C++
- Malicious string termination
- Lab – String termination confusion
- String length calculation mistakes
- Off-by-one errors
- Case study – Off-by-one error in VxWorks TCP 'Urgent Data' parsing
- Allocating nothing
Memory management hardening
- Securing the toolchain
- Securing the toolchain in C and C++
- Compiler warnings and security
- Using FORTIFY_SOURCE
- Lab – Effects of FORTIFY
- AddressSanitizer (ASan)
- RELRO protection against GOT hijacking
- Heap overflow protection
- Stack smashing protection
- Runtime protections
- Runtime instrumentation
- Address Space Layout Randomization (ASLR)
- Non-executable memory areas
Common software security weaknesses
- Security features
- Authentication
- Authorization
Day 3
Common software security weaknesses
- Security features (continued)
- Password management
Common software security weaknesses
- Input validation
- Input validation principles
- Denylists and allowlists
- Case study – Improper input validation in Natus Xltek NeuroWorks 8
- What to validate – the attack surface
- Where to validate – defense in depth
- When to validate – validation vs transformations
- Output sanitization
- Encoding challenges
- Unicode challenges
- Validation with regex
- Regular expression denial of service (ReDoS)
- Lab – ReDoS in C
- Dealing with ReDoS
- Integer handling problems
Day 4
Common software security weaknesses
- Input validation
- Injection
- Process control
- Files and streams
- Format string issues
Time and state
- Race conditions
Errors
- Error and exception handling principles
- Error handling
- Exception handling
Code quality
- Code quality and security
- Data handling
- Object oriented programming pitfalls
Wrap up
- Secure coding principles
- And now what?