Secure Coding Learning Center
These courses are brought to you by Klocwork and Security Innovation, partners in providing tools and educational resources for software developers - learn more.
CWE-497 Exposure of System Data to an Unauthorized Control Sphere
Unhandled exception cases and overly descriptive error messages expose system information to attackers and enable them to refine their attacks. Learn to identify and address these weaknesses in your code.
CWE-129 Improper Validation of Array Index
Out-of-bounds array index references can cause diminished availability, loss of data integrity, leakage of sensitive information and alteration of program logic. Learn how to identify and mitigate vulnerable code.
Part 1 - CWE-170 Improper Null Termination
Learn to describe, identify and avoid these vulnerabilities. Walk through code examples and understand the security risks they impose.
Part 2 - CWE-401 Improper Release of Memory
Memory leaks pose major security risks including denial-of-service attacks. Learn how to describe, identify and avoid them in your code.
Part 3 - CWE-457 Use of Uninitialized Variable
This issue can expose software to DOS attacks and arbitrary code execution. Learn key strategies to mitigate this weakness.
Part 4 - CWE-476 NULL Pointer Dereference
Learn about this vulnerability type and the security impact it can have. Walk through code examples and learn how to avoid issues.
Demo - Detecting Security Defects in Code
Watch Klocwork on-the-fly source code analysis in action. See CWE memory vulnerabilities identified in code and how Klocwork Review can report on CWE software security defects across your code base.
CWE-377 Insecure Temporary Files
While many developers inherently trust application temporary files, the fact is they present a common entry path for attackers and pose many risks. Examine code examples and learn to avoid security issues.
CWE-77 Injection Vulnerabilities
Consequences of injection attacks include malicious code execution and theft of information. Learn to identify and correct vulnerable code.
Introduction to Secure Coding for C/C++
Learn fundamentals of secure coding and defensive coding principals for C/C++. Learn basics of buffer, stack and heap overflows and more.
Intro to Microsoft Security Development Lifecycle
Learn the benefits, steps and requirements for Security Development Lifecycle, as well as identifying the appropriate tools required.
OWASP Top Ten Threats and Mitigations
Identify and explain the threats in the OWASP Top 10, as well as the security principles and mitigation techniques related to them.