FP 201 PROGRAMMING FUNDAMENTALS

  • Slides: 12
1 FP 201 Programming Fundamentals
1.0 Introduction To C++ Programming
2.0 Basic C++ Program Structure
3.0 Program Control
4.0 Array And Structures
5.0 Function
6.0 Pointer
7.0 Secure Programming in C++
© 2011/2012 | PN NORHASLIZA BT MUHAMAD NOR

2 7.0 SECURE PROGRAMMING IN C++
7.1 Understand the Secure Coding Principles

3 LEARNING OUTCOMES TOPIC 7.1
By the end of this chapter students shall be able to:
1. Describe what secure coding is.
2. Explain why secure coding is important.
3. Identify the general rules that should be followed to write secure programs.

4 WHAT IS SECURE CODING?
• Secure coding: coding that produces secure programs.
• Secure programs: programs that cannot be manipulated into performing illegal operations.
• Illegal operations: operations that compromise security and that the program was not intended to perform according to its design.

5 WHY IS SECURE CODING IMPORTANT?
• Practicing secure coding techniques helps avoid most of the software defects that are responsible for causing vulnerabilities, and improves the quality of the software.

6 RULES TO WRITE SECURE PROGRAMS
1) Coding style guidelines
2) Input data validation
3) Performance optimization
4) Assertions and debug traces
5) Enforcing security checks at compile time

A 1. An exception is an indication of a problem that occurs during a program's execution, for example:
I. Insufficient memory
II. Division by zero
III. Array subscript out of bound
IV. Invalid function parameter
V. Arithmetic overflow

Exception Handling Concept: Exception handling enables programmers to create applications that can resolve (or handle) exceptions.

B 1. An exception is thrown by using the throw keyword from inside the try block. Exception handlers are declared with the keyword catch, which must be placed immediately after the try block:

    try {
        DangerousStatement;
        throw exception();
    }
    catch (<exception_class> <object>) {
        // perform error processing
    }

B 2. Try blocks are created to surround areas of code that might have a problem. A try block is a block, surrounded by braces, in which an exception might be thrown. An exception is thrown by using the throw keyword inside the try block.

    try {
        DangerousStatement;
        throw exception();
    }

3. A catch block is the block immediately following a try block, in which exceptions are handled. The advantage of using a catch block is that all possible exceptions will be caught. If no catch handler matches the type of a thrown object, the search continues in the next try block, if there is one; if not, the program terminates.

    try {
        DangerousStatement;
        throw exception();
    }
    catch (<exception_class> <object>) {
        // perform error processing
    }

B 4. The throw statement is used to have an exception processed by the catch handler associated with the try block.
5. You will normally find a throw statement:
• Inside a try block
• Inside a catch block
• When declaring a function

    try {
        DangerousStatement;
        throw exception();
    }
    catch (<exception_class> <object>) {
        // perform error processing
    }

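D
    #include <exception>
    #include <iostream>
    #include <stdexcept>
    using namespace std;

    class Number {
    public:
        void display(int a) {
            int answer;
            try {
                // a == 0 must be rejected too: 100/0 is undefined behaviour,
                // not a C++ exception, so the catch block would never see it.
                if (a > 100 || a == 0)
                    throw exception();
                answer = 100 / a;
                cout << "Your number divide by 100 : " << answer;
                cout << "\n";
            } catch (exception &) {
                cout << "Exception occurred : Enter a non-zero number <=100. " << endl;
            }
        }
    };

    int main() {
        int x;
        cout << "Enter number to divide by 100 : ";
        cin >> x;
        Number n;
        n.display(x);
        return 0;
    }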

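D
    #include <cstdlib>
    #include <exception>
    #include <iostream>
    #include <stdexcept>
    using namespace std;

    int main() {
        try {
            int age;
            cout << "enter age: ";
            cin >> age;
            if (cin.fail())               // input was not a valid integer
                throw exception();
            cout << "your age " << age << endl;
        } catch (const exception &) {     // catch by reference, not by value
            cout << "error" << endl;
        }
        system("pause");                  // Windows-only: keeps the console window open
        return 0;
    }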
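
Section A lists division by zero, an out-of-bounds array subscript and arithmetic overflow as exceptions, but for built-in C++ types these are undefined behaviour and nothing is thrown automatically, so the program has to check and throw itself. The following is an added example, not part of the original slides, that does this together with input data validation; parse_int, checked_at, checked_div, run and the sample table are hypothetical names and constructed data.

```cpp
#include <climits>
#include <cstddef>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical helpers (not from the slides): each one validates first and throws
// a specific standard exception instead of running into undefined behaviour.
int parse_int(const std::string& text) {      // input data validation
    std::istringstream in(text);
    int value = 0;
    char extra = 0;
    if (!(in >> value) || (in >> extra))      // rejects "", "abc", "12x", out-of-range
        throw std::invalid_argument("not an integer: '" + text + "'");
    return value;
}

int checked_at(const std::vector<int>& v, int i) {
    if (i < 0 || static_cast<std::size_t>(i) >= v.size())
        throw std::out_of_range("subscript out of bounds");
    return v[static_cast<std::size_t>(i)];
}

int checked_div(int a, int b) {
    if (b == 0) throw std::domain_error("division by zero");
    if (a == INT_MIN && b == -1) throw std::overflow_error("quotient overflows int");
    return a / b;
}

// Divides table[index] by divisor (both untrusted text); handlers go from specific to general.
std::string run(const std::string& index, const std::string& divisor) {
    static const std::vector<int> table = {100, 250, INT_MIN};  // constructed sample data
    try {
        int value = checked_at(table, parse_int(index));
        return "ok " + std::to_string(checked_div(value, parse_int(divisor)));
    } catch (const std::invalid_argument& e) {
        return std::string("bad input: ") + e.what();
    } catch (const std::out_of_range& e) {
        return std::string("bad index: ") + e.what();
    } catch (const std::exception& e) {       // domain_error, overflow_error, ...
        return std::string("error: ") + e.what();
    }
}

int main() {
    std::cout << run("1", "5") << "\n" << run("7", "5") << "\n" << run("0", "0") << "\n";
}
```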