Syllabus
Gauging the threat – Bugs – CWE – CVE – Strings – Common String Manipulation Errors – Improperly Bounded String Copies – Off-by-One Errors – Null-Termination Errors – String Truncation – String Errors without Functions – String Vulnerabilities – Safe String Handling Functions. Dynamic Memory Management – C Memory Management Functions – Common C Memory Management Errors – Initialization Errors – Failing to Check Return Values – Dereferencing Null or Invalid Pointers – Referencing Freed Memory – Freeing Memory Multiple Times – Memory Leaks – Zero-Length Allocations – Mitigation Strategies. Integer Security – Introduction to Integer Types – Integer Data Types – Integer Conversions – Integer Operations – Integer Vulnerabilities – Mitigation Strategies. Formatted Output – Variadic Functions – Formatted Output Functions – Vulnerabilities – Mitigation Strategies. Concurrency – Common Errors – Race Condition Vulnerabilities – Mitigation Strategies. Rules and recommendations of SEI CERT C Coding Standards. Secure coding with C++, Java and Python.
Secure Data Structures – Arrays and Linked Lists – Secure Stack – Secure Queue – Binary Search Tree – Merkle Tree – Hash Tables – Bloom Filter – Complexity.