Materials developed for CS1 focus on three important security vulnerabilities:

Integer errors

Integer errors can happen when assignments, mathematical operations, and external input lead to a result that is too large to fit within the range of values that can be stored in variables of a given data type. These errors can lead to loss of data due to overflow, truncation, or sign problems.

Injection module for: C++ Java
Answers (instructor access only): C++ Java
Security Injections 2.0 (demo) C++ Java
 

Input validation

Input validation vulnerabilities are caused by failure to verify that input data are within the right value range, contain the right data, or otherwise meet the appropriate specification.

Injection module for: C++     Java Python
Security Injections 2.0 (demo) C++   Java  Python
 

Buffer overflow

Buffer overflow involves writing a value outside the boundaries of a bounded, static-size array.

Injection module for: C++ Java  Python
Answers (instructor access only): C++ Java 
Security Injections 2.0 (demo) C++  Java  Python

 

 

Additional Modules


Best Practices for Secure Variables

Injection module for: Java

 

Exception Handling

Injection module for: Java

 

For more details regarding secure coding recommendations for C++ and Java, please refer to the   CERT Secure Coding Standards.

 
Copyright © Towson University