Secure Coding in C and C++, 2/e (Paperback)

Robert C. Seacord



Learn the Root Causes of Software Vulnerabilities and How to Avoid Them


Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.


Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.


Coverage includes technical detail on how to

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
  • Perform secure I/O, avoiding file system vulnerabilities
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid race conditions and other exploitable vulnerabilities while developing concurrent code


The second edition features

  • Updates for C11 and C++11
  • Significant revisions to chapters on strings, dynamic memory management, and integer security
  • A new chapter on concurrency
  • Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI)


Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance.





《Secure Coding in C and C++,第二版》確定並解釋了這些根本原因,並展示了可以採取的步驟來防止利用。此外,本書鼓勵程式設計師採用安全最佳實踐,並培養一種安全意識,以保護軟體不受未來攻擊的影響,而不僅僅是當前的攻擊。根據CERT的報告和結論,Robert C. Seacord系統地識別了最有可能導致安全漏洞的程式錯誤,展示了它們如何被利用,回顧了潛在的後果,並提出了安全的替代方案。



《Secure Coding in C and C++,第二版》提供了數百個安全程式碼、不安全程式碼和攻擊的範例,並在Windows和Linux上實現。如果您負責創建安全的C或C++軟體,或者負責保護它的安全,沒有其他書籍能夠提供如此詳細和專業的協助。