Description

Security
7.-8. May in Espoo (last reg. 17.4)
2 days
EUR 1.650 (FI)

Request more information

Leevi Lehtinen
phone: +358 40 546 1469
leevi.lehtinen@nohau.se

Lena Bernhardsson
+46 (0) 40 59 22 09
lena.bernhardsson@nohau.se

Course Description

Software written in C is at the heart of most embedded systems. It is a powerful and versatile language but its inherent flexibility is often also the cause of security weaknesses.

The security of these devices – like IoT devices, Industrial Control Systems, Automotive in-vehicle systems, smart meters etc. , especially if they are connected into a network, depends heavily on the architecture and design of the system and on its implementation.

Insecure devices can result in brand damage, financial liabilities, expensive product returns and even safety issues.

This 2-day course teaches you to design, code and test C applications with security in mind, going beyond normal coding best practice, you’ll understand and protect against:

Security intro

  • Security terminology
  • Who attacks embedded devices, why and how?

Common software attacks and how to protect against them

  • Command injection
  • Buffer overflow on the stack and heap, ROP gadgets
  • Null pointer dereference
  • Memory management vulnerabilities, use-after-free, double free
  • Integer overflow
  • Format string vulnerabilities
  • Side channel attacks
  • Information leakage in debug and error output

File I/O

  • Race Conditions, TOCTOU vulnerabilities, Temporary Files, Path Traversal

Intro to Cryptography

  • Understanding and implementing cryptography, code signing
  • Practical: Code signing and encryption using OpenSSL command line

Secure Software Development Lifecycle

  • Security Aims and Requirements
  • Threat modelling
  • Risk analysis and prioritizing threats

This course includes hands-on exercises.

Who is this course for?

Software developers and testers responsible for the implementation and testing of software security in embedded devices.

On-Site training

We also offer education On-Site, at your company – please ask! This course can be tailored to suit your particular hardware and software environment, if you like.

What our participants have said:

Trainers skills of the subject and ability in teaching: average 5,6 points (6,0 max, total 25 participants in Finland at this course). Participants reported that their knowledge has improved 39% during this training.

All trainers have years of experience working with embedded electronics products and the courses are designed to provide pragmatic and real-world advice.

Course Technical Requirements

This is a technical training course aimed at engineers, so a level of knowledge in the following is required:

  • Competent in C software development (writing and building code)
  • Basic Linux/Unix command line experience is helpful for practical’s.

Do you wish more information!

Contact us for offers, information or advice!