Exploiting Modern C++ Training

Exploiting Modern C++ is a thinking engineer’s training class on writing secure code for an insecure world.

This class takes a practical approach to software security. We’ll go beyond the conventional wisdom of letting the technology test the technology. The class gives you the tools you need to design, build and test secure software that can withstand whatever today’s attackers can bring.

Exploiting Modern C++ makes extensive use of code samples seen every day in production as well as case studies of vulnerabilities that have been exploited in the wild.

 

“…the course was interesting…”

“…this was an interesting class and I learned a lot…”

“…things got really interesting when we started exploring C++ bugs from a compiler perspective…”

 

In this class you’ll learn:

  • How attackers exploit vulnerabilities and what they look for when penetrating a system.
  • How to tell the difference between a garden-variety bug and a security vulnerability that can be exploited.
  • How good design and code choices make the difference between a system that can be compromised and one that can’t.
  • How code reviews, static & dynamic testing, Threat Modeling and penetration testing are used to expose hard-to-find vulnerabilities.
  • How low-tech, high-concept testing approaches often trump expensive frameworks and tooling.
  • How changes to Modern C++, including C++20, have given C++ engineers tools to write highly efficient, secure code.

 

“…code review exercises were useful…”

“…another highlight was the examination of some notorious C++ bugs … as well as what the results of undefined behavior look like under Compiler Explorer…”

“…the introduction to threat hunting and the perspective of the red team/threat actors was interesting…”

 

The course is offered in 2-, 3- and 5-day variants:

The 2-day course is classroom training that covers:

  • Vulnerabilities caused by the incorrect use of strings, memory, integers, interfaces, concurrency and the STL
  • How to conduct effective code reviews for code quality and security
  • How Undefined Behavior affects security outcomes
  • How to use cryptography correctly
  • How to build secure designs using defense in depth
  • Threat Modeling
  • Safety Critical Designs
  • Testing strategies including Penetration Testing

The 3-day course includes the 2-day course and:

  • Live training on exploiting real-world systems
  • Capture-the-flag exercises

The 5-day course includes the 3-day course and:

  • Leading threat modeling of customer designs
  • Leading code reviews on customer code

Custom training classes are also available to meet the customer’s specific requirements.

 

“…the in-class discussions about how people tackle problems were very fruitful…”

“…the real highlight of the class was the discussions with other students on … application security…”

 


You can find out more about Laurel Lye training here and find my background here.

I can be reached at mbutler@laurellye.com.