Code Review

Personalise
UNSW graphic yellow

Enrol

This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or profedcourses@adfa.edu.au

Duration

5 days

Delivery mode

Face-to-face

Location

Canberra

Standard price

$4,750.00

Defence price

$4,750.00

Accelerate your career, learn new skills, and expand your knowledge.

First in Australia for research excellence and impact.

Top 50 in the world. 2020 QS World University Rankings.

Overview

This course looks at reviewing C/C++ code for security issues. The course is heavily based around the practical auditing of actual C/C++ programs. Common coding bugs will be identified in set lectures and then students will apply the theory by reviewing real programs and identifying vulnerabilities. In addition to manual code review, automated means of vulnerability discovery will be briefly discussed, including fuzz testing and static analysis.

Course content

Topics covered include:

  • C/C++ Programming Language
  • Vulnerability discovery
  • Dynamic Program Analysis
  • C/C++ Bug Patterns
  • Open Source OS Kernel Auditing
  • Automating Code Review with Coccinelle Secure Coding.

Day 1 – Review of C/C++ Programming Language

Day 1 starts off with a comprehensive review of C code language and commonly called functions. We’ll then move onto basic Debugging Functions, Pointers, Strings and Arrays, and Dynamic Memory management techniques.

Topics

Type and Variables, Control Flow, Functions, Bitwise Arithmetic, Debugging, GDB, Changing a Register, Types of Arrays, Dereferencing, Pointer Operations, Buffer Functions, Strings, Allocating Memory, Buffer Overflows, Calloc, Dynamic Data Structures

Day 2 – C/C++ Bug Patterns

The session introduces the concept of fuzzing in order to find unique crashes and exploitable cases, followed by an in-depth discussion around Static Program Analysis and advantages and limitations of Symbolic Execution processes.

Topics

Dumb Fuzzing, Generative Fuzzing, Fuzzing Internals, Lexical Analysis, Parsing, Intermediate Representations, Control Flow Analysis, Data Flow Analysis, Compiler Optimisations, SMT, Symbolic Execution.

Day 3 – C/C++ Bug Patterns cont.

This session delves into numerous examples of C Language Problems and Standard C Libraries. Unix APIs and Problems will be discussed, and the day concludes with an Introduction to Exploitation followed by several practical exercises.

Topics

Integers, Floating Point Numbers, printf, Stream IO, Tmpnam/access, Pthreads, Strings, Common Unix and Linux APIs, Vulnerable Program, Stack Layouts.

Day 4 – Open Source OS Kernel Auditing

The session starts with an overview of how to navigate the Linux Kernel. It will also touch on Memory Bugs in OS Kernels and examine different types of OS Kernel Attack Surfaces.

Topics

Source Code Structure, Useful APIs, Memory Allocation, Memory Copying, File Systems, System Calls, Device Drivers.

Day 5 – Secure Coding

This session goes over SMT Solving, Reverse Engineering and Code Review Strategies. Students get to put their newly acquired skills and knowledge into practice through hands-on exercises.

Topics

SMT-Lib, Z3, BitVectors, Small Programs, Large Programs, Symbol & Data Structure Recovery, Decompilation, Code Review.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.
  • Understand the auditing and review process of technical systems using code analysis tools.
  • Use security testing tools including 'fuzzing' static-analysis code scanning to perform code reviews.
  • Perform secure program testing, review, and assessment to identify potential flaws in codes and mitigate vulnerabilities.
  • Understand countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in systems and elements.

Who should attend

This course is aimed at technical staff. It is suitable for vulnerability researchers looking to discover bugs in C/C++ software. It is equally suitable for software developers aiming to improve the security of their code.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.