Secure Coding in C and C++, 2/e (Paperback)

Robert C. Seacord

Product description

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
  • Perform secure I/O, avoiding file system vulnerabilities
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid race conditions and other exploitable vulnerabilities while developing concurrent code

The second edition features

  • Updates for C11 and C++11
  • Significant revisions to chapters on strings, dynamic memory management, and integer security
  • A new chapter on concurrency
  • Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI)

Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software, or for keeping it safe, no other book offers you this much detailed, expert assistance.

Product description (translation of the Chinese-language listing)

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Since 1988, CERT has analyzed tens of thousands of vulnerability reports and has determined that a small number of root causes account for most vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. In addition, the book encourages programmers to adopt security best practices and to develop a security mindset that protects software from future attacks, not just current ones. Drawing on CERT's reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes how to improve the overall security of any C or C++ application; thwart buffer overflow, stack-smashing and return-oriented programming attacks that exploit insecure string-manipulation logic; avoid vulnerabilities and security flaws caused by incorrect use of dynamic memory management functions; eliminate integer-related problems caused by signed integer overflow, unsigned integer wrapping and truncation errors; perform secure I/O and avoid file system vulnerabilities; use formatted output functions correctly without introducing format-string vulnerabilities; and avoid race conditions and other exploitable vulnerabilities when developing concurrent code.

Features of the second edition include updates for C11 and C++11, major revisions to the chapters on strings, dynamic memory management and integer security, and a new chapter on concurrency. Resources are also available through the online secure coding course offered by Carnegie Mellon's Open Learning Initiative (OLI).

Secure Coding in C and C++, Second Edition, provides hundreds of examples of secure code, insecure code and exploits, implemented on Windows and Linux. If you are responsible for creating secure C or C++ software, or for keeping it secure, no other book offers such detailed, expert assistance.