Secure Coding in C and C++
Robert C. Seacord - Series: The SEI Series in Software Engineering
Summary
Learn the Root Causes of Software Vulnerabilities and How to Avoid Them
Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed nearly 18,000 vulnerability reports over the past ten years, the CERT/Coordination Center (CERT/CC) has determined that a relatively small number of root causes account for most of them. This book identifies and explains these causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.
Drawing on the CERT/CC's reports and conclusions, Robert Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.
Coverage includes technical detail on how to
- Improve the overall security of any C/C++ application
- Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
- Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
- Correctly use formatted output functions without introducing format-string vulnerabilities
- Avoid I/O vulnerabilities, including race conditions
Secure Coding in C and C++ presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you're responsible for creating secure C or C++ software--or for keeping it safe--no other book offers you this much detailed, expert assistance.
About the author - Robert C. Seacord
Robert C. Seacord is a senior technical staff member at the SEI. He has over 17 years of development experience, including extensive work with Enterprise JavaBeans™, CORBA, and Web technologies. He has previously been a technical staff member at the X Consortium and IBM.
Contents
- Running with Scissors
- Strings
- Pointer Subterfuge
- Dynamic Memory Management
- Integer Security
- Formatted Output
- File I/O
- Recommended Practices
Technical specifications
PRINT EDITION | |
Publisher(s) | Addison Wesley |
Author(s) | Robert C. Seacord |
Series | The SEI Series in Software Engineering |
Publication date | 21/12/2005 |
Number of pages | 342 |
Format | 17,5 x 23,5 |
Cover | Paperback |
Weight | 530g |
Interior | Black and white |
EAN13 | 9780321335722 |
ISBN13 | 978-0-321-33572-2 |