Thanks a lot for the reply. What is your opinion on static checking tools
and a safe subset of C? Does that help?
On Friday, July 13, 2018, Dean Pucsek <dean(a)lightbulbone.com> wrote:
Hello Wean,
It is certainly possible to learn how to program in C without spending any
money; all it requires is a basic toolchain and a willingness to learn.
Don't sell yourself short by hinting that you might be "stupid" (you
almost certainly aren't).
In order to get started with C I suggest setting up an environment to
experiment in; for that, look into installing LLVM/Clang
(http://releases.llvm.org/); there are pre-built binaries for most major
operating systems. Once that is done all you need is a text editor (Notepad
on Windows or one of the other many free options) and some patience. As for
tutorials and resources, some options are:
- Searching on Google for "c tutorial"; one result that looks interesting is
http://www.learn-c.org/.
- Finding an open source project that interests you and trying to
understand the code then implement a change.
- While not free, many people swear by the K&R book as a great resource to
start.
In terms of writing code that is free of undefined behaviour and
vulnerabilities your best bet is to learn what code constructs cause those
to occur and how to avoid them. A great book for this is The Art of
Software Security Assessment by Mark Dowd; there is a PDF of Chapter 6 (C
Language Issues) available at
https://trailofbits.github.io/ctf/vulnerabilities/references/Dowd_ch06.pdf.
Learning about C, undefined behaviour, and vulnerabilities doesn't happen
overnight so be patient and enjoy the journey.
--Dean