Introductory Topics and Principles of Security during the entire application lifecycleSecurity assumptionsThinking like an attackerSecurity is always a trade-off: Contemplating riskPrinciples of complexity and self-constraintPrinciple of segmentationPrinciple of least privilegePrinciple of trusted/untrusted code - Failing securelyLayering securityDesign level attacksImplementation level attacksDeployment level attacks
Security assumptions
Thinking like an attacker
Security is always a trade-off: Contemplating risk
Principles of complexity and self-constraint
Principle of segmentation
Principle of least privilege
Principle of trusted/untrusted code - Failing securely
Layering security
Design level attacks
Implementation level attacks
Deployment level attacks
Memory Access ErrorsPrinciple: Bounded data sequencesStack overflow attacksHeap overflow attacksArray indexing attacksFormat string attacksUnsafe vs. safe APIs (and standard-compliance issues)C++ safer alternatives to C-style pointer buffersRuntime checks (e.g., checked STL implementation)
Principle: Bounded data sequences
Stack overflow attacks
Heap overflow attacks
Array indexing attacks
Format string attacks
Unsafe vs. safe APIs (and standard-compliance issues)
C++ safer alternatives to C-style pointer buffers
Runtime checks (e.g., checked STL implementation)
Integer OverflowsCompiler safeguards and static checking toolsPrinciple: Be explicit with numeric subrangesInteger and floating point overflowsTwo's complement and signed vs. unsigned issuesThe danger of implicit casting rulesSafe integer librariesCompiler safeguards
Compiler safeguards and static checking tools
Principle: Be explicit with numeric subranges
Integer and floating point overflows
Two's complement and signed vs. unsigned issues
The danger of implicit casting rules
Safe integer libraries
Compiler safeguards
Input Validation and Injection AttatcksPrinciple: Data vs. code and the importance of grammarsPrinciple: Untrusted vs. trusted dataBlacklist vs. whitelist approachDangers in data type conversionsRegular expression: sometimes helpful, sometimes dangerousParser generatorsEscaping/Quoting dataAttack scenario: SQL injection
Principle: Data vs. code and the importance of grammars
Principle: Untrusted vs. trusted data
Blacklist vs. whitelist approach
Dangers in data type conversions
Regular expression: sometimes helpful, sometimes dangerous
Parser generators
Escaping/Quoting data
Attack scenario: SQL injection
Secure File HandlingPrinciple: Input validation (carryover)Filename canonicalization (incl. directory traversal & symbolic link attacks)Principle: Least privilege & self-constraintFile permissions and ACLsDanger of shared directoriesTiming attacks and fsyncClosing files when no longer neededChroots and other process namespace restrictions
Principle: Input validation (carryover)
Filename canonicalization (incl. directory traversal & symbolic link attacks)
Principle: Least privilege & self-constraint
File permissions and ACLs
Danger of shared directories
Timing attacks and fsync
Closing files when no longer needed
Chroots and other process namespace restrictions
Cryptography in C/C++Intro to cryptography: Actors, Communication & SecretsHigh-level crypto pieces: ciphers, public key crypto, hashes, HMACs, KDFs & PRNGsHow NOT to use cryptography!The importance of good randomness sourcesVetted, widely-used crypto protocols (e.g., transport, storage, etc.)Respected crypto libraries & toolsAttack scenario: Weak homebrew encryption
Intro to cryptography: Actors, Communication & Secrets
High-level crypto pieces: ciphers, public key crypto, hashes, HMACs, KDFs & PRNGs
How NOT to use cryptography!
The importance of good randomness sources
Vetted, widely-used crypto protocols (e.g., transport, storage, etc.)
Respected crypto libraries & tools
Attack scenario: Weak homebrew encryption

The course assumes basic C and C++ programming skills but does not assume an in-depth knowledge of software security.
CLA200 – Programming in C++ or equivalent experience is required.