Beyond Ethical Hacking – Advanced Software Security

In addition to the solid knowledge of the use of security solutions for applied technologies, even for experienced programmers, it is necessary to have a deep understanding of the typical attack techniques that are possible due to various vulnerabilities, that is, security-related programming bugs. This course looks at secure coding from the point of view of attack techniques, but with the same purpose as any other SCADEMY Secure Coding Academy course: to learn software security best practices.

General web-based vulnerabilities are demonstrated by presenting the relevant attacks, while recommended coding techniques and mitigation methods are explained with the most important goal of avoiding associated problems. Besides server-side issues (primarily after the OWASP Top Ten), special focus is on client-side security addressing JavaScript, Ajax, and HTML5 security issues, which is followed by a discussion of web services and XML security. A brief introduction to the foundations of cryptography provides a common practical basis for understanding the purpose and operation of various algorithms.

Specifically for C and C++, we go into more detail regarding the on-stack and on-heap buffer overflow exploit. After presenting the attack techniques, we give an overview of practical protection methods that can be applied at different levels (hardware components, operating system, programming languages, compiler, source code or in production) to prevent the occurrence of various errors. , to detect them during development and before market launch, or to prevent them from being exploited during system operation. Finally, we discuss counterattacks, and then protective countermeasures, highlighting the cat-and-mouse nature of hacking and protection.