Secure coding in C and C++ for medical devices (SECC-CCPPMD)


Fast Lane Institute for Knowledge Transfer GmbH
Provider rating: 8.9 (average of 33 reviews)

Starting dates and places

Berlin: 31 Mar 2025 until 3 Apr 2025
München: 30 Jun 2025 until 3 Jul 2025
Frankfurt: 15 Sep 2025 until 18 Sep 2025
Hamburg: 15 Dec 2025 until 18 Dec 2025

Description


Prerequisites

General C/C++ development

Target audience

C/C++ developers developing medical devices

Detailed course content

Day 1

  • Cyber security basics
    • What is security?
    • Threat and risk
    • Cyber security threat types – the CIA triad
    • Cyber security threat types – the STRIDE model
    • Consequences of insecure software
  • Regulations and standards
    • Healthcare data protection regulations
    • Regulations for medical devices
  • Cyber security in the healthcare sector
    • Threats to medical devices
    • Attackers and motivation
    • The problem of legacy systems

Memory management vulnerabilities

  • Assembly basics and calling conventions
    • x64 assembly essentials
    • Registers and addressing
    • Most common instructions
    • Calling conventions on x64
  • Buffer overflow
    • Memory management and security
    • Vulnerabilities in the real world
    • Buffer security issues
    • Buffer overflow on the stack

Day 2

Memory management vulnerabilities

  • Best practices and some typical mistakes
    • Unsafe functions
    • Dealing with unsafe functions
    • Lab – Fixing buffer overflow
    • What's the problem with asctime()?
    • Lab – The problem with asctime()
    • Using std::string in C++
  • Some typical mistakes leading to BOF
    • Unterminated strings
    • readlink() and string termination
    • Manipulating C-style strings in C++
    • Malicious string termination
    • Lab – String termination confusion
    • String length calculation mistakes
    • Off-by-one errors
    • Case study – Off-by-one error in VxWorks TCP 'Urgent Data' parsing
    • Allocating nothing
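The unterminated-string, readlink() and off-by-one items listed above, shown side by side in working C. This is an added example written for this listing, not course material from the provider; the buffer size, the guard-byte harness used to observe the off-by-one without undefined behaviour, and the sample inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>

#define DST_LEN 8          /* size of the destination buffers used below (constructed) */
#define GUARD   0x7f       /* sentinel stored one byte past the declared buffer */

/* Returns 1 if a NUL terminator exists within the first n bytes of buf. */
int is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Unterminated string: strncpy() stops after n bytes without writing a NUL
 * when the source is at least n characters long. Any later strlen() or
 * printf("%s") on dst then walks off the end of the buffer.
 * Returns whether dst is terminated after the copy. */
int copy_strncpy_unsafe(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return is_terminated(dst, n);
}

/* Fix: copy at most n-1 bytes and terminate explicitly. (snprintf() is an
 * alternative that always terminates and reports truncation via its return.) */
int copy_strncpy_safe(char *dst, size_t n, const char *src) {
    if (n == 0) return 0;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return is_terminated(dst, n);
}

/* Off-by-one: `> n` accepts a string of exactly n characters, but strcpy()
 * also writes the terminator, i.e. n + 1 bytes. Returns 1 if the copy ran. */
int copy_checked_wrong(char *dst, size_t n, const char *src) {
    if (strlen(src) > n) return 0;      /* BUG: should be >= n */
    strcpy(dst, src);
    return 1;
}

int copy_checked_right(char *dst, size_t n, const char *src) {
    if (strlen(src) >= n) return 0;     /* leave room for the NUL */
    strcpy(dst, src);
    return 1;
}

/* Observes the off-by-one without undefined behaviour: the copy routine is
 * told the buffer is DST_LEN bytes, but the backing array is one byte larger
 * and carries a guard byte. Returns 1 if the guard byte was overwritten. */
int overflows_guard(int (*copy)(char *, size_t, const char *), const char *src) {
    char backing[DST_LEN + 1];
    memset(backing, 0, sizeof backing);
    backing[DST_LEN] = GUARD;
    copy(backing, DST_LEN, src);
    return backing[DST_LEN] != GUARD;
}

/* readlink() never NUL-terminates its result. This wrapper reserves the last
 * byte for the terminator and returns the length, or -1 with errno set. */
ssize_t readlink_terminated(const char *path, char *buf, size_t n) {
    if (n == 0) { errno = EINVAL; return -1; }
    ssize_t len = readlink(path, buf, n - 1);
    if (len < 0) return -1;
    buf[len] = '\0';
    return len;
}

int main(void) {
    const char *input = "ABCDEFGHIJ";   /* constructed: 10 chars, buffer holds 8 */
    char dst[DST_LEN];
    char path[256];
    int t;

    printf("strncpy unsafe, terminated: %d\n", copy_strncpy_unsafe(dst, DST_LEN, input));
    t = copy_strncpy_safe(dst, DST_LEN, input);
    printf("strncpy safe,   terminated: %d (\"%s\")\n", t, dst);
    printf("off-by-one overwrites guard: wrong=%d right=%d\n",
           overflows_guard(copy_checked_wrong, "ABCDEFGH"),
           overflows_guard(copy_checked_right, "ABCDEFGH"));
    if (readlink_terminated("/proc/self/exe", path, sizeof path) >= 0)
        printf("readlink: %s\n", path);   /* Linux only; silently skipped elsewhere */
    return 0;
}
```

The guard-byte harness is only a teaching device: in production code the extra byte is not there, and the same `strcpy()` lands on whatever the linker placed after the buffer (a saved return address on the stack, or heap metadata).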

Memory management hardening

  • Securing the toolchain
    • Securing the toolchain in C and C++
    • Compiler warnings and security
    • Using FORTIFY_SOURCE
    • Lab – Effects of FORTIFY
    • AddressSanitizer (ASan)
    • RELRO protection against GOT hijacking
    • Heap overflow protection
    • Stack smashing protection
  • Runtime protections
    • Runtime instrumentation
    • Address Space Layout Randomization (ASLR)
    • Non-executable memory areas

Common software security weaknesses

  • Security features
    • Authentication
    • Authorization

Day 3

Common software security weaknesses

  • Security features (continued)
    • Password management

Common software security weaknesses

  • Input validation
    • Input validation principles
    • Denylists and allowlists
    • Case study – Improper input validation in Natus Xltek NeuroWorks 8
    • What to validate – the attack surface
    • Where to validate – defense in depth
    • When to validate – validation vs transformations
    • Output sanitization
    • Encoding challenges
    • Unicode challenges
    • Validation with regex
    • Regular expression denial of service (ReDoS)
    • Lab – ReDoS in C
    • Dealing with ReDoS
    • Integer handling problems
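An added example (not part of the course material) for the input-validation and integer-handling items above: a record count and record size read from a constructed, hypothetical message header are multiplied to size a buffer, first in the unchecked form that wraps in the 32-bit arithmetic of a small embedded target, then with the overflow check, the empty-allocation check and the declared-versus-present length check a validator needs. The wire format is an assumption made for this example only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed wire format, assumed for this example only (not a real device
 * protocol): a 6-byte header of count (uint32 LE) and rec_size (uint16 LE),
 * followed by count records of rec_size bytes each. */
#define HDR_LEN 6

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t rd_le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable: count * rec_size wraps modulo 2^32, so a huge count can pass
 * the "fits in the buffer" check; whatever later copies `count` records then
 * runs far past the buffer. Returns 1 if the header was accepted and stores
 * the computed size. */
int payload_size_unchecked(const uint8_t *msg, size_t msg_len, uint32_t buf_len, uint32_t *out_size) {
    if (msg_len < HDR_LEN) return 0;
    uint32_t count = rd_le32(msg);
    uint16_t rec_size = rd_le16(msg + 4);
    uint32_t total = count * rec_size;              /* may wrap */
    if (total > buf_len) return 0;
    *out_size = total;
    return 1;
}

/* Hardened: reject a product that would wrap before computing it, reject
 * zero-sized results (an allocation of nothing is its own bug class), and
 * require the message to actually carry the bytes the header promises. */
int payload_size_checked(const uint8_t *msg, size_t msg_len, uint32_t buf_len, uint32_t *out_size) {
    if (msg_len < HDR_LEN) return 0;
    uint32_t count = rd_le32(msg);
    uint16_t rec_size = rd_le16(msg + 4);
    if (count == 0 || rec_size == 0) return 0;
    if (count > UINT32_MAX / rec_size) return 0;    /* product would wrap */
    uint32_t total = count * rec_size;
    if (total > buf_len) return 0;
    if ((size_t)total > msg_len - HDR_LEN) return 0; /* declared length vs bytes present */
    *out_size = total;
    return 1;
}

/* Builds a constructed message: header plus `payload_bytes` zero bytes.
 * Returns the message length, or 0 if `cap` is too small. */
size_t build_msg(uint8_t *out, size_t cap, uint32_t count, uint16_t rec_size, size_t payload_bytes) {
    if (cap < HDR_LEN + payload_bytes) return 0;
    out[0] = (uint8_t)count;         out[1] = (uint8_t)(count >> 8);
    out[2] = (uint8_t)(count >> 16); out[3] = (uint8_t)(count >> 24);
    out[4] = (uint8_t)rec_size;      out[5] = (uint8_t)(rec_size >> 8);
    memset(out + HDR_LEN, 0, payload_bytes);
    return HDR_LEN + payload_bytes;
}

int main(void) {
    uint8_t msg[64];
    uint32_t size = 0;
    int ok;

    /* Benign: 3 records of 4 bytes, and the 12 payload bytes are present. */
    size_t n = build_msg(msg, sizeof msg, 3, 4, 12);
    ok = payload_size_checked(msg, n, 1024, &size);
    printf("benign:   checked=%d size=%u\n", ok, size);

    /* Malicious: 0x40000001 * 4 = 2^32 + 4, which wraps to 4 in uint32_t. */
    n = build_msg(msg, sizeof msg, 0x40000001u, 4, 0);
    ok = payload_size_unchecked(msg, n, 1024, &size);
    printf("wrapping: unchecked=%d size=%u\n", ok, size);
    ok = payload_size_checked(msg, n, 1024, &size);
    printf("wrapping: checked=%d\n", ok);
    return 0;
}
```

The division-based check (`count > UINT32_MAX / rec_size`) is portable C; on GCC and Clang `__builtin_mul_overflow()` expresses the same test in one call and is the more readable choice when those compilers are the toolchain.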

Day 4

Common software security weaknesses

  • Input validation
    • Injection
    • Process control
    • Files and streams
    • Format string issues

Time and state

  • Race conditions

Errors

  • Error and exception handling principles
  • Error handling
  • Exception handling

Code quality

  • Code quality and security
  • Data handling
  • Object oriented programming pitfalls

Wrap up

  • Secure coding principles
  • And now what?