Overview

Are you a seasoned C/C++ programmer who wants to take their skills to the next level? Then this learning program is for you! Learn how to eliminate logical errors, harden critical code areas against fault attacks, and protect crypto algorithms against Side Channel attacks. The software security learning path from Riscure consists of 5 tracks.

The curriculum for the software security learning path is focused on building three core capabilities:

  • Challenge assumptions: making assumptions is a common but dangerous programming practice, e.g. it can lead to incorrectly validated input. You will learn how software programs are executed in memory, what happens when a device operates out of bounds and how instantaneous power consumption can be used to extract secret information.
  • Find vulnerabilities: because a device or application can be compromised when even a single vulnerability is identified by an attacker, the goal of a developer is to remove all vulnerabilities. You will learn how to eliminate the most common logical errors in software, add extra defence to the critical areas of code, and secure the crypto engines.
  • Choose and implement defences: while there are many possible defence mechanisms, each comes at a cost: execution time, required memory, access to hardware components such as RNGs. You will learn how to analyse the cost and effect trade-off, and thus be able to make informed strategic decisions.

Track 1: Memory Corruption Essentials

Track 2: Fault injection for software developers

Track 3: Side Channel Analysis for software developers

Track 4: Countermeasures against side channel analysis attacks

Track 5: Understanding leakage detection

Prerequisites

Understanding of C/C++

Learning Outcomes

In this course we discuss the culprits behind memory corruption and techniques to systematically discover vulnerabilities. In the final section, we close with coding best practices.

This course is designed by Riscure, who routinely perform source code reviews as part of certification projects. Riscure software security specialists have a background in software development and are further trained (at Riscure) to spot security issues in source code. The main challenge faced by a software security analyst is the review of large code bases in a short amount of time. As reviewing all lines of code is typically not feasible, a security analyst needs to quickly understand how to identify security boundaries, what code can be triggered by an attacker, and what parameters can be controlled externally.

In this course we build on the tips and tricks used by software security analysts to review large code bases. As a developer your objective is to remove the ‘low-hanging’ vulnerabilities from software. In our experience, most vulnerabilities in embedded code are related to memory corruption issues.

The estimated duration of this course has been confirmed by reviewing the material internally. Additionally, we have statistics from our LMS platform, and we see that several users spend up to 20h completing this training. We are happy to hear your feedback and average run time from different groups.

Track 1: Memory Corruption Essentials

The first line of defence in securing an embedded system is protecting the software from bugs. This course provides guidelines on finding and removing the most widely encountered type of vulnerability for embedded systems: memory corruption.

Track 2: Fault injection for software developers

Fault attacks influence the intended behaviour of a program by changing critical values in memory or the instruction flow of a program. Fault attacks are used to bypass robust security features such as secure boot and authentication mechanisms.

This is the first fault injection course created specifically for developers who want to harden embedded systems.

Track 3: Side Channel Analysis for software developers

Protecting sensitive data requires utilizing theoretically secure cryptographic algorithms. Nevertheless, the physical implementation of such algorithms is susceptible to threats such as side channel analysis attacks. Learn how side channel analysis attacks can be used to extract secret keys from cryptographic devices.

Track 4: Countermeasures against side channel analysis attacks

The end goal of this training is to enable you to protect your devices and applications against basic side-channel analysis attacks. Your journey will first take you through the theoretical foundations: you will learn what a side channel is, get familiar with practical examples and understand the typical flow of an attack.

Track 5: Understanding leakage detection

The aim of this course is to help you grasp the intuition behind leakage detection methodologies and achieve a sound technical appreciation of how and why they work. We motivate and describe the current popular practice, including correlation based tests, and expose some of the limitations, with a special focus on ISO standard 17825. By the end of this tutorial you will be equipped to carry out leakage detection tests sensibly and interpret the outcomes responsibly.

Outline

Track 1: Memory Corruption Essentials

Secure code development:

  • Why practice secure coding?
  • What is a security vulnerability?
  • The life of a program in memory?
  • What is memory corruption?
  • How does memory corruption happen?
  • Memory corruption examples
  • Symptoms of memory corruption
  • Why is memory corruption dangerous
  • Knowledge check

Buffer overflows

  • Introduction to buffer overflows
  • Buffer overflows: the stack
  • What is a buffer overflow
  • Walkthrough example of code
  • What can an attacker do?
  • Can you spot the bug?
  • Code review exercise
  • Buffer overflows: the heap
  • Buffer overflows: global data
  • Code review exercise

Arbitrary writes

  • Introduction to a real life example
  • What is an arbitrary write
  • Walkthrough example of code
  • What can an attacker do with it
  • Can you spot the bug?
  • Knowledge check

Off-by-one

  • Introduction to a real life example
  • What is off-by-one?
  • Walkthrough example code
  • What can an attacker do with it?
  • Can you spot the bug?
  • Knowledge check

Recipe for disaster (root cause)

  • Why do coding errors and vulnerabilities happen?
  • The culprits for memory corruptions: improper checks / uninitialized variables / pointer arithmetic / unintended integer promotions / array indexing
  • Knowledge check
  • Practical exercise: identify root cause for memory corruption variables

Catch and Patch

  • Finding vulnerabilities: good vs. bad guy
  • Techniques for finding vulnerabilities: manual review / static analysis / dynamic analysis / fuzzing / reversing
  • Practical exercise: Fix vulnerability example 1
  • Practical exercise: Fix vulnerability example 2

Coding best practices

  • Implementing secure coding guidelines
  • Development life cycle
  • Knowledge check

Conclusion

  • Summary and key lessons
  • Reactive approach vs. Proactive approach - implementing secure coding guidelines and development life cycle
  • Knowledge check