
Secure Coding in C and C++


ISBN-10: 0321335724

ISBN-13: 9780321335722

Edition: 2006

Authors: Robert C. Seacord

List price: $54.99

Description:

A code companion developers will turn to again and again as they seek to protect their systems from attackers.

Book details

List price: $54.99
Copyright year: 2006
Publisher: Addison Wesley Professional
Publication date: 9/9/2005
Binding: Paperback
Pages: 368
Size: 6.75" wide x 9.00" long x 0.75" tall
Weight: 0.792
Language: English

Fred Long is Senior Lecturer and Director of Learning and Teaching at Aberystwyth University's Department of Computer Science, and SEI Visiting Scientist. Dhruv Mohindra, Senior Software Engineer at Persistent Systems Ltd., develops enterprise server monitoring software. Robert C. Seacord manages CERT's Secure Coding Initiative, and is adjunct professor at CMU's School of Computer Science. Dean F. Sutherland, Senior Software Security Researcher at CERT, spent 14 years as a software engineer at Tartan, Inc. David Svoboda, CERT Software Security Engineer, has been primary developer on multiple CMU development projects since 1991.

Foreword
Preface
About the Author
Running with Scissors
Gauging the Threat
Security Concepts
C and C++
Development Platforms
Summary
Further Reading
Strings
String Characteristics
Common String Manipulation Errors
String Vulnerabilities
Process Memory Organization
Stack Smashing
Code Injection
Arc Injection
Mitigation Strategies
Notable Vulnerabilities
Summary
Further Reading
Pointer Subterfuge
Data Locations
Function Pointers
Data Pointers
Modifying the Instruction Pointer
Global Offset Table
The .dtors Section
Virtual Pointers
The atexit() and on_exit() Functions
The longjmp() Function
Exception Handling
Mitigation Strategies
Summary
Further Reading
Dynamic Memory Management
Dynamic Memory Management
Common Dynamic Memory Management Errors
Doug Lea's Memory Allocator
RtlHeap
Mitigation Strategies
Notable Vulnerabilities
Summary
Further Reading
Integer Security
Integers
Integer Conversions
Integer Error Conditions
Integer Operations
Vulnerabilities
Nonexceptional Integer Logic Errors
Mitigation Strategies
Notable Vulnerabilities
Summary
Further Reading
Formatted Output
Variadic Functions
Formatted Output Functions
Exploiting Formatted Output Functions
Stack Randomization
Mitigation Strategies
Notable Vulnerabilities
Summary
Further Reading
File I/O
Concurrency
Time of Check, Time of Use
Files as Locks and File Locking
File System Exploits
Mitigation Strategies
Summary
Recommended Practices
Secure Software Development Principles
Systems Quality Requirements Engineering
Threat Modeling
Use/Misuse Cases
Architecture and Design
Off-the-Shelf Software
Compiler Checks
Input Validation
Data Sanitization
Static Analysis
Quality Assurance
Memory Permissions
Defense in Depth
TSP-Secure
Summary
Further Reading
References
Acronyms
Index