Secure Coding Learning Center


| Title | Description | Duration |
| --- | --- | --- |
| CWE-415 Double Free | Learn about the security impact of double free error conditions in C/C++ and walk through code examples where the issue exists. Examine a step-by-step attack scenario and learn about mitigation strategies. | 20 mins |
| CWE-497 Exposure of System Data to an Unauthorized Control Sphere | Unhandled exception cases and overly descriptive error messages expose system information to attackers and enable them to refine their attacks. Learn to identify and address these weaknesses in your code. | 20 mins |
| CWE-129 Improper Validation of Array Index | Out-of-bounds array index references can cause diminished availability, loss of data integrity, leakage of sensitive information and alteration of program logic. Learn how to identify and mitigate vulnerable code. | 20 mins |

Memory Flaws Boot Camp

| Title | Description | Duration |
| --- | --- | --- |
| Part 1 - CWE-170 Improper Null Termination | Learn to describe, identify and avoid these vulnerabilities. Walk through code examples and understand the security risks they impose. | 15 mins |
| Part 2 - CWE-401 Improper Release of Memory | Memory leaks pose major security risks including denial-of-service attacks. Learn how to describe, identify and avoid them in your code. | 15 mins |
| Part 3 - CWE-457 Use of Uninitialized Variable | This issue can expose software to DoS attacks and arbitrary code execution. Learn key strategies to mitigate this weakness. | 15 mins |
| Part 4 - CWE-476 NULL Pointer Dereference | Learn about this vulnerability type and the security impact it can have. Walk through code examples and learn how to avoid issues. | 15 mins |
| Demo - Detecting Security Defects in Code | Watch Klocwork on-the-fly static code analysis in action. See CWE memory vulnerabilities identified in code and how Klocwork can report on CWE software security defects across your code base. | 6 mins |

Stand-alone Courses

| Title | Description | Duration |
| --- | --- | --- |
| CWE-377 Insecure Temporary Files | While many developers inherently trust application temporary files, the fact is they present a common entry path for attackers and pose many risks. Examine code examples and learn to avoid security issues. | 20 mins |
| CWE-77 Injection Vulnerabilities | Consequences of injection attacks include malicious code execution and theft of information. Learn to identify and correct vulnerable code. | 45 mins |
| Introduction to Secure Coding for C/C++ | Learn fundamentals of secure coding and defensive coding principles for C/C++. Learn basics of buffer, stack and heap overflows and more. | 90 mins |
| Intro to Microsoft Security Development Lifecycle | Learn the benefits, steps and requirements for Security Development Lifecycle, as well as identifying the appropriate tools required. | 60 mins |
| OWASP Top Ten Threats and Mitigations | Identify and explain the threats in the OWASP Top 10, as well as the security principles and mitigation techniques related to them. | 90 mins |