Software written in C is at the heart of most embedded systems. C is a powerful and versatile language, but its inherent flexibility is often also the cause of security weaknesses.
The security of these devices (IoT devices, Industrial Control Systems, Automotive in-vehicle systems, smart meters, etc.), especially if they are connected to a network, depends heavily on the architecture and design of the system and on its implementation.
Insecure devices can result in brand damage, financial liabilities, expensive product returns and even safety issues.
This 2-day course teaches you to design, code and test C applications with security in mind, going beyond normal coding best practice. You’ll understand and protect against:
- Security terminology
- Who attacks embedded devices, why and how?
Common software attacks and how to protect against them
- Command injection
- Buffer overflow on the stack and heap, ROP gadgets
- Null pointer dereference
- Memory management vulnerabilities, use-after-free, double free
- Integer overflow
- Format string vulnerabilities
- Side channel attacks
- Information leakage in debug and error output
- Race Conditions, TOCTOU vulnerabilities, Temporary Files, Path Traversal
Intro to Cryptography
- Understanding and implementing cryptography, code signing
- Practical: Code signing and encryption using OpenSSL command line
Secure Software Development Lifecycle
- Security Aims and Requirements
- Threat modelling
- Risk analysis and prioritizing threats
This course includes hands-on exercises.
Who is this course for?
Software developers and testers responsible for the implementation and testing of software security in embedded devices.
We also offer education On-Site, at your company – please ask! This course can be tailored to suit your particular hardware and software environment, if you like.
What our participants have said:
Trainers' skills in the subject and ability in teaching: average 5,6 points (6,0 max, total 25 participants in Finland at this course). Participants reported that their knowledge has improved 39% during this training.
All trainers have years of experience working with embedded electronics products and the courses are designed to provide pragmatic and real-world advice.
Course Technical Requirements
This is a technical training course aimed at engineers, so a level of knowledge in the following is required:
- Competent in C software development (writing and building code)
- Basic Linux/Unix command line experience is helpful for the practicals.