Secure Coding Fundamentals (SCF)

Are you a seasoned C/C++ programmer who wants to take their skills to the next level? Then this learning program is for you! Learn how to eliminate logical errors, protect crypto algorithms against Side Channel Analysis attacks, and harden critical code areas against Fault Injection attacks. 

When you buy this course you have access for 1 year to all the materials and support.

Curriculum of this learning path

Most embedded security training materials focus on attacks, building setups, and playing around with interesting hardware gadgets. While this is definitely interesting, it does not address the question of how to protect your device and application. In this program, the emphasis is on defensive coding techniques and available countermeasures that developers can apply straight away!

This course consists of 3 parts: 

- SCF Part 1. Memory Corruption Essentials >> Learn more

- SCF Part 2. Side Channel Analysis and Countermeasures Software Developers >> Learn more

- SCF Part 3. Fault Injection and Countermeasures for Software Developers >> Learn more

Why take this Secure Coding Fundamentals learning path?

The curriculum for the software security learning path is focused on building three core capabilities:

- Challenge assumptions: making assumptions is a common but dangerous programming practice, e.g. it can lead to incorrectly validated input. You will learn how software programs are executed in the memory, what happens when a device operates out of bounds and how instantaneous power consumption can be used to extract secret information.

- Find vulnerabilities: because a device or application can be compromised when even a single vulnerability is identified by an attacker, the goal of a developer is to remove all vulnerabilities. You will learn how to eliminate the most common logical errors in software, add extra defense to the critical areas of code, and secure the crypto engines.

- Choose and implement defenses: while there are many possible defense mechanisms, each comes at a cost: execution time, required memory, access to hardware components such as RNGs. You will learn how to analyze the cost and effect tradeoff, and thus be able to make informed strategic decisions.