This title is out of print.
Secure Coding in C and C++ provides practical advice on safe practices in C and
C++ programming. Producing secure programs requires secure designs.
However, even the best designs can lead to insecure programs if developers are
unaware of the many security pitfalls inherent in C and C++ programming.
This book provides a detailed explanation of common programming errors in
C and C++ and describes how these errors can lead to code that is vulnerable
to exploitation. In particular, this book concentrates on security issues intrinsic
to the C and C++ programming languages and associated libraries. The intent
is that this book be useful to anyone involved in developing secure C and C++
programs regardless of the specific application.
By targeting the C/C++ languages, this book focuses on the largest pie of
developers. There are specific pieces of information that can also help people
in other roles such as system analysis and project management. The content of
this book can also serve as a very good reference for programming courses at
Online purchase price: $43.99
A code companion developers will turn to again and again as they seek to protect their systems from attackers.
• Important book because so many programs continue to be written in C/C++ -- languages that do not include any built-in security safeguards for programmers and the resulting code.
• Contains hundreds of examples of secure and insecure code as well as sample exploits.
• This book taps into invaluable CERT work in identifying, analyzing, and overcoming software vulnerabilities.
About the Author.
1. Running with Scissors.
Gauging the Threat
C and C++
Common String Manipulation Errors
Process Memory Organization
3. Pointer Subterfuge.
Modifying the Instruction Pointer
Global Offset Table
The .dtors Section
The atexit() and on_exit() Functions
The longjmp() Function
4. Dynamic Memory Management.
Dynamic Memory Management
Common Dynamic Memory Management Errors
Doug Lea's Memory Allocator
5. Integer Security.
Integer Error Conditions
Nonexceptional Integer Logic Errors
6. Formatted Output.
Formatted Output Functions
Exploiting Formatted Output Functions
7. File I/O.
Time of Check, Time of Use
Files as Locks and File Locking
File System Exploits
8. Recommended Practices.
Secure Software Development Principles
Systems Quality Requirements Engineering
Architecture and Design
Defense in Depth
Robert Seacord began programming (professionally) for IBM in 1982 and has been programming in C since 1985, and in C++ since 1992. Robert is currently a Senior Vulnerability Analyst with the CERT/Coordination Center at the Software Engineering Institute (SEI). He is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003). The CERT/CC, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure.