Cplus

C/C++

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

This is a free version.

Interface Tour

Play me first, before you get started, in order to familiarize yourself with the interactive learning interface components. By completing this very short guide to the interface, we’ll have you moving faster through the learning modules.

5-8 MIN

Interface Tour

Stack Overflows - Primer

Part 1 will introduce concepts we’ll extend upon. This module will give you a brief introduction on how stack data structures are used to keep track of function/subroutines calls, specifically looking at how C/C++ programs save return addresses, parameters and local variables on the stack.

5-8 MIN

Stack Overflows - Primer
Available in Full Version only

Stack Overflows

Part 2 will focus on memory corruption of the stack. This module will allow you to interact with insecure code and show how important stack components can be overwritten to alter program flow.

5-8 MIN

Stack Overflows
Available in Full Version only

Off By One Overflow

An off by one overflow is a type of buffer overflow vulnerability that allows overflowing a buffer by one byte outside the space allocated. The following tutorial will demonstrate an off-by-one overflow vulnerability and presents remediation techniques and solutions to avoid such issues.

5-8 MIN

Off By One Overflow
Available in Full Version only

Heap Introduction

The following tutorial will give you a brief introduction on how dynamic memory allocation makes use of the heap, how the malloc family of functions creates and manages chunks of in use, and free, memory. Additionally we will see how memory linked lists are managed via unlink.

5-8 MIN

Heap Introduction
Available in Full Version only

Heap Overflows - Primer

Part 1 will introduce concepts we’ll extend upon. This module will give you a brief introduction on what dynamic memory structures look like, including memory meta data.

5-8 MIN

Heap Overflows - Primer
Available in Full Version only

Heap Overflows

Part 2 will focus on memory corruption of the heap. This module will allow you to interact with insecure code and show how important heap components can be overwritten, a first step for attackers to execute arbitrary code.

5-8 MIN

Heap Overflows
Available in Full Version only

Integer Overflows - Primer

Part 1 will introduce a common insecure design pattern for Integer Overflows. This module will allow you to interact with insecure code and show how Integer Overflows can lead to memory corruption, a first step for attackers to execute arbitrary code.

5-8 MIN

Integer Overflows - Primer
Available in Full Version only

Format String - Primer

Part 1 will focus on refreshing how format strings and format specifiers work at an in-memory level.

5-8 MIN

Format String - Primer
Available in Full Version only

Format String Attacks

Part 2 will focus on insecure use of format strings and how they can be used by an attacker to read arbitrary values from the program stack.

5-8 MIN

Format String Attacks
Available in Full Version only

Format String Server Attack

In this module, we will exploit a real format string vulnerability present within a remote secure access server. The techniques used for exploitation will help us demonstrate format string vulnerabilities and further present remediation techniques to prevent against such attacks.

5-8 MIN

Format String Server Attack
Available in Full Version only

Clearing Memory

In C/C++ applications, it is often useful to wipe data from memory once it is no longer needed. However, if not performed, applications are exposed to information disclosure vulnerabilities . The following module will cover the basics of how to clear process memory and present techniques and solutions to avoid such issues.

5-8 MIN

Clearing Memory
Available in Full Version only

Dangerous or Insecure Use Of API

The following module will give you a brief introduction on how common API\'s if implemented incorrectly can cause side effects that a malicious user can exploit to cause unexpected behavior, such as execution of unauthorized commands. We will also see the possible techniques and solution to avoiding such issues.

5-8 MIN

Dangerous or Insecure Use Of API
Available in Full Version only

Compiler Optimizations Bugs

Compiler optimization issues occur when compliers remove security critical code sections during the code optimization process. The following module will cover the basics of compiler optimization vulnerabilities and present techniques and solutions to avoid such issues.

5-8 MIN

Compiler Optimizations Bugs
Available in Full Version only

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. The following module explains NULL pointer dereference issues and presents possible techniques and solution to avoid such issues.

5-8 MIN

NULL Pointer Dereference
Available in Full Version only

Race Conditions

Race conditions arise from multiple processes/threads that operate on related entities in an OS that has preemptive scheduling. This module explains race condition issues and their exploits, and presents a few techniques that help avoid such issues.

5-8 MIN

Race Conditions