[MUSIC] Welcome to the course identifying security
vulnerabilities in C and C++ programming. This course is the third of four
courses in the specialization, secure coding practices
brought to you by UC Davis. My name is Matt Bishop and
I'll be your instructor for this course. I'm a professor of computer science at
the University of California Davis. One of my areas of interest is
writing good programs that's sometimes called secure programming or
robust programming. I've been doing this since the mid 1980s,
so while I'm not the first one to do this by any means,
I have been doing it quite a while. This course builds upon the skills and coding practices learned in both
secure coding principles and security problems in programming
courses 1 and 2 in this specialization. This course uses the focusing
technique that asks you to think about what to watch out for, and
where to look to evaluate and ultimately remediate fragile C and
C++ programs. The techniques we'll be looking at will
make your programs perform accurately, and be resistant to attempts to
make it perform inaccurately. This is really what the term
secure programming means. I'll show you common errors
that people make, and then show you how to
program more robustly. I'll give you tips and best practices
that help you improve your programming style and help you to avoid common
problems like buffer overflows. Which may or
may not cause security problems but always cause robustness problems. Let me give a quick
overview of the modules. Module 1 discusses users,
privileges, and environments, and together we'll identify programs with
privilege and trusted environments. Module 2 delves into issues of
validation and verification, shows examples of buffer and
numeric overflow, and walks you through how input injections
work and what to do when you encounter. Module 3 shows how files,
sub processes and race conditions affect
the programming environment. Module 4 discusses the topics
of randomness and cryptography, among other things. Throughout the course, we will be looking
at code and I will point out where problems tend to occur, why the code is
non secure and what you can do about it. Whether you're learning as a means to move
up in your current position or to be able to step into a promising career in
the rapidly changing secure coding field, this course will help
you achieve those aims. I'm happy to be your instructor, and I look forward to sharing my
experience with you on this journey. Let's jump into the first module. [MUSIC]