Are you a seasoned C/C++ programmer who wants to take their skills to the next level? Then this learning program is for you! Learn how to eliminate logical errors, harden critical code areas against fault attacks, and protect crypto algorithms against Side Channel attacks.
Most embedded security training focus on attacks, building setups and a lot of playing around with interesting hardware gadgets. While this is definitely interesting, it does not address the question of how to protect your device and application. In this program the emphasis is on defensive coding techniques and available countermeasures that developers can apply straight away!
This course consists of 5 parts:
- SCF Part 1. Memory Corruption Essentials >> Learn more
- SCF Part 2. FI for Software Developers >> Learn more
- SCF Part 3. SCA for Software Developers >> Learn more
- SCF Part 4. Countermeasures against SCA Attacks >> Learn more
- SCF Part 5. Understanding Leakage Detection >> Learn more
The curriculum for the software security learning path is focused on building three core capabilities:
- Challenge assumptions: making assumptions is a common but dangerous programming practice, e.g. it can lead to incorrectly validated input. You will learn how software programs are executed in the memory, what happens when a device operates out of bounds and how instantaneous power consumption can be used to extract secret information.
- Find vulnerabilities: because a device or application can be compromised when even a single vulnerability is identified by an attacker, the goal of a developer is to remove all vulnerabilities. You will learn how to eliminate the most common logical errors in software, add extra defense to the critical areas of code, and secure the crypto engines.
- Choose and implement defenses: while there are many possible defense mechanisms, each comes at a cost: execution time, required memory, access to hardware components such as RNGs. You will learn how to analyze the cost and effect tradeoff, and thus be able to make informed strategic decisions.
Get your skills in your own time.