From the course: Secure Coding in C

Hunting exploits

- [Instructor] Once you're aware of the C language's weaknesses, it's easier to write and review your code to scan for those known weaknesses. And the two areas to check right away are buffers and arrays for overflow and input routines. Always ensure that the size of a buffer or array is known. That value is used to guard against overflow. The size value should be stored and then tested to guard the array or buffer's end point. Keep an eye on loops that process a buffer or array. Watch the offset or index value to ensure that it doesn't overflow. Your code must make it impossible to access data beyond what's allocated. Input routines are your program's main gate through which an attack is most likely to enter. Use proper input functions. Process the input to scan for invalid values and remove unwanted text. If you manipulate input, ensure that the routines properly terminate the strings. Testing is a major part of…
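One way to apply the checks described in the transcript above, as an added example that is not part of the course: the function names `read_line` and `sanitize`, the `NAME_SIZE` constant and the allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16  /* buffer size stored once, used for every bounds check */

/* Read one line with fgets(), which never writes more than size bytes.
   Returns the line length, or -1 on EOF/error. Discards any overlong tail. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, fp) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] != '\n') {            /* line was longer than the buffer */
        int c;
        while ((c = fgetc(fp)) != '\n' && c != EOF)
            ;                          /* drain so the tail is not read as new input */
    }
    buf[len] = '\0';                   /* strip the newline, keep termination */
    return (int)len;
}

/* Copy only letters, digits, spaces and hyphens from src into dst.
   The output index is tested against dst_size before every write and the
   result is always terminated. Returns the number of characters kept. */
size_t sanitize(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (dst_size == 0)
        return 0;
    for (size_t in = 0; src[in] != '\0' && out < dst_size - 1; in++) {
        unsigned char c = (unsigned char)src[in];
        if (isalnum(c) || c == ' ' || c == '-')
            dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    char raw[64], name[NAME_SIZE];
    printf("Name: ");
    if (read_line(stdin, raw, sizeof raw) < 0)
        return 1;
    size_t kept = sanitize(raw, name, sizeof name);
    printf("Accepted %zu characters: \"%s\"\n", kept, name);
    return 0;
}
```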
