Explore secure programming practices in C++ through this comprehensive conference talk. Delve into well-known vulnerability patterns and exploits while learning to navigate the C++ landscape more confidently. Discover programming patterns that help avoid dangerous language constructs and build a set of best practices based on the "smaller and cleaner language" within C++. Examine topics such as undefined behavior, compiler optimizations, integer overflows, buffer underflows, and incorrect type conversions. Learn to leverage tools, avoid loops, use safe casts, and implement proper memory management techniques. Gain insights into modern C++ features like enum classes, string literals, and smart pointers. Develop an awareness of potential pitfalls and cultivate a security-focused programming culture to write more robust and secure C++ code.
Overview
Syllabus
Introduction
Agenda
What kind of specs exists
C Core Guidelines
C Coding Standard
Common Weakness Enumeration
Undefined Behavior
Undefined Behavior Example
Compiler Optimizations
The Disappearing Memset
Live Demo
References
Era of the SAE
Exploitability
Sign Integer Overflow
Overflows
Buffer Underflow
Incorrect Type Conversion
The Good Thing
Use Your Tools
Avoid loops
Save casts
Allocation
Garbage Collection
Make Sure
No Semantics
enum class
string literal
loop
literals
struct
quote operator
semantics to numbers
sizes
fuzzers
taint
pointer
clever code
shared pointer
shared state
modern C
Taught by
NDC Conferences
