Insecure coding in C (and C++)

Cite

Related Material

Norwegian Developers Conference (NDC)

Maudal, Olve

Formal Metadata

Title

Insecure coding in C (and C++)

Title of Series

NDC Oslo 2014

Number of Parts

170

Author

Maudal, Olve

License

CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Identifiers

10.5446/50854 (DOI)

Publisher

Norwegian Developers Conference (NDC)

Release Date

2014

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Let's turn the table. Suppose your goal is to deliberately create buggy programs in C and C++ with serious security vulnerabilities that can be "easily" exploited. Then you need to know about things like stack smashing, shellcode, arc injection, return-oriented programming. You also need to know about annoying protection mechanisms such as address space layout randomization, stack canaries, data execution prevention, and more. This session will teach you the basics of how to deliberately write insecure programs in C and C++. Warning: there will be lots of assembler code in this talk.