Thanks a lot for the reply. What is your opinion on static checking tool and safe subset of C? Does that help? On Friday, July 13, 2018, Dean Pucsek <dean@lightbulbone.com> wrote:

Hello Wean,

It is certainly possible to learn how to program in C without spending any money; all it requires is a basic toolchain and a willingness to learn. don't sell yourself short by hinting that you might be "stupid" (you almost certainly aren't).

In order to get started with C I suggest setting up an environment to experiment in; for that look into installing LLVM/Clang ( http://releases.llvm.org/) there are pre-built binaries for most major operating systems. Once that is done all you need is a text editor (Notepad on Windows or one of the other many free options) and some patience. As for tutorials and resources, some options are:

- Searching on Google for "c tutorial"; one result that looks interesting is http://www.learn-c.org/. - Finding an open source project that interests you and trying to understand the code then implement a change. - While not free, may people swear by the K&R book as a great resource to start.

In terms of writing code that is free of undefined behaviour and vulnerabilities your best bet is to learn what code constructs cause those to occur and how to avoid them. A great book for this is The Art of Software Security Assessment by Mark Dowd, there is a PDF of Chapter 6 (C Language Issues) available at https://trailofbits.github.io/ ctf/vulnerabilities/references/Dowd_ch06.pdf.

Learning about C, undefined behaviour, and vulnerabilities doesn't happen overnight so be patient and enjoy the journey.

--Dean