Home > Store > Security > Software Security

Secure Coding in C and C++, 2nd Edition

Register your product to gain access to bonus material or receive a coupon.

Secure Coding in C and C++, 2nd Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $59.39
  • List Price: $98.98
  • Includes EPUB, MOBI, and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

More Purchase Options

Book

  • Your Price: $43.99
  • List Price: $54.99
  • Usually ships in 24 hours.

eBook (Watermarked)

  • Your Price: $35.19
  • List Price: $43.99
  • Includes EPUB, MOBI, and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

Description

  • Copyright 2013
  • Dimensions: 7" x 9-1/8"
  • Pages: 600
  • Edition: 2nd
  • Book
  • ISBN-10: 0-321-82213-7
  • ISBN-13: 978-0-321-82213-0

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
  • Perform secure I/O, avoiding file system vulnerabilities
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid race conditions and other exploitable vulnerabilities while developing concurrent code

The second edition features

  • Updates for C11 and C++11
  • Significant revisions to chapters on strings, dynamic memory management, and integer security
  • A new chapter on concurrency
  • Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI)

Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance.

Sample Content

Online Sample Chapter

Secure Coding in C and C++: Strings and Buffer Overflows

Sample Pages

Download the sample pages (includes Chapter 2 and Index)

Table of Contents

Foreword         xvii

Preface         xxi

Acknowledgments         xxv

About the Author         xxvii

Chapter 1: Running with Scissors         1

1.1 Gauging the Threat   5

1.2 Security Concepts   12

1.3 C and C++   17

1.4 Development Platforms   25

1.5 Summary   27

1.6 Further Reading   28

Chapter 2: Strings         29

2.1 Character Strings   29

2.2 Common String Manipulation Errors   42

2.3 String Vulnerabilities and Exploits   50

2.4 Mitigation Strategies for Strings   72

2.5 String-Handling Functions   84

2.6 Runtime Protection Strategies   101

2.7 Notable Vulnerabilities   117

2.8 Summary   118

2.9 Further Reading   120

Chapter 3: Pointer Subterfuge         121

3.1 Data Locations   122

3.2 Function Pointers   123

3.3 Object Pointers   124

3.4 Modifying the Instruction Pointer   125

3.5 Global Offset Table   127

3.6 The .dtorsSection   129

3.7 Virtual Pointers   131

3.8 The atexit()and on_exit()Functions   133

3.9 The longjmp()Function   134

3.10 Exception Handling   136

3.11 Mitigation Strategies   139

3.12 Summary   142

3.13 Further Reading   143

Chapter 4: Dynamic Memory Management         145

4.1 C Memory Management   146

4.2 Common C Memory Management Errors   151

4.3 C++ Dynamic Memory Management   162

4.4 Common C++ Memory Management Errors   172

4.5 Memory Managers   180

4.6 Doug Lea’s Memory Allocator   182

4.7 Double-Free Vulnerabilities   191

4.8 Mitigation Strategies   212

4.9 Notable Vulnerabilities   222

4.10 Summary   224

Chapter 5: Integer Security         225

5.1 Introduction to Integer Security   225

5.2 Integer Data Types   226

5.3 Integer Conversions   246

5.4 Integer Operations   256

5.5 Integer Vulnerabilities   283

5.6 Mitigation Strategies   288

5.7 Summary   307

Chapter 6: Formatted Output          309

6.1 Variadic Functions   310

6.2 Formatted Output Functions   313

6.3 Exploiting Formatted Output Functions   319

6.4 Stack Randomization   332

6.5 Mitigation Strategies   337

6.6 Notable Vulnerabilities   348

6.7 Summary   349

6.8 Further Reading   351

Chapter 7: Concurrency         353

7.1 Multithreading   354

7.2 Parallelism   355

7.3 Performance Goals   359

7.4 Common Errors   362

7.5 Mitigation Strategies   368

7.6 Mitigation Pitfalls   384

7.7 Notable Vulnerabilities   399

7.8 Summary   401

Chapter 8: File I/O         403

8.1 File I/O Basics   403

8.2 File I/O Interfaces   407

8.3 Access Control   413

8.4 File Identification   432

8.5 Race Conditions   450

8.6 Mitigation Strategies   461

8.7 Summary   472

Chapter 9: Recommended Practices         473

9.1 The Security Development Lifecycle   474

9.2 Security Training   480

9.3 Requirements   481

9.4 Design   486

9.5 Implementation   503

9.6 Verification   512

9.7 Summary   518

9.8 Further Reading   518

References         519

Acronyms          539

Index          545

More Information

ONE MONTH ACCESS!

WITH PURCHASE


Get unlimited 30-day access to thousands of Books & Training Videos about technology, professional development and digital media If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months.