Secure Coding in C and C++

by Robert C. Seacord

Series:SEI Series in Software Engineering

Description

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. show more Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s. Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives. Coverage includes technical detail on how to Improve the overall security of any C or C++ application Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors Perform secure I/O, avoiding file system vulnerabilities Correctly use formatted output functions without introducing format-string vulnerabilities Avoid race conditions and other exploitable vulnerabilities while developing concurrent code The second edition features Updates for C11 and C++11 Significant revisions to chapters on strings, dynamic memory management, and integer security A new chapter on concurrency Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI) Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance. show less

Recommendations

More Exceptional C : 40 New Engineering Puzzles, Programming Problems, and Solutions by Herb Sutter

More Exceptional C : 40 New Engineering Puzzles, Programming Problems, and Solutions

Herb Sutter

Advanced programming in the UNIX environment by W. Richard Stevens

Advanced programming in the UNIX environment

W. Richard Stevens

C++ Coding Standards: 101 Rules, Guidelines, and Best Practices by Herb Sutter

C++ Coding Standards: 101 Rules, Guidelines, and Best Practices

Herb Sutter

Modern C++ Design: Generic Programming and Design Patterns Applied by Andrei Alexandrescu

Modern C++ Design: Generic Programming and Design Patterns Applied

Andrei Alexandrescu

Expert C Programming by Peter van der Linden

Expert C Programming

Peter van der Linden

The C Programming Language (2nd Edition) by Brian W. Kernighan

The C Programming Language (2nd Edition)

Brian W. Kernighan

C++ Template Metaprogramming: Concepts, Tools, and Techniques from Boost and Beyond by David Abrahams

C++ Template Metaprogramming: Concepts, Tools, and Techniques from Boost and Beyond

David Abrahams

More Effective C : 35 New Ways to Improve Your Programs and Designs by Scott Meyers

More Effective C : 35 New Ways to Improve Your Programs and Designs

Scott Meyers

Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions by Herb Sutter

Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions

Herb Sutter

Secure Programming Cookbook for C and C : Recipes for Cryptography, Authentication, Input Validation & More by John Viega

Secure Programming Cookbook for C and C : Recipes for Cryptography, Authentication, Input Validation & More

John Viega

The CERT C Secure Coding Standard by Robert C. Seacord

The CERT C Secure Coding Standard

Robert C. Seacord

The C Standard Library: A Tutorial and Reference by Nicolai M. Josuttis

The C Standard Library: A Tutorial and Reference

Nicolai M. Josuttis

C Templates: The Complete Guide by David Vandevoorde

C Templates: The Complete Guide

David Vandevoorde

Programming: Principles and Practice Using C++ by Bjarne Stroustrup

Programming: Principles and Practice Using C++

Bjarne Stroustrup

C Common Knowledge: Essential Intermediate Programming by Stephen C. Dewhurst

C Common Knowledge: Essential Intermediate Programming

Stephen C. Dewhurst

Accelerated C++: Practical Programming by Example by Andrew Koenig

Accelerated C++: Practical Programming by Example

Andrew Koenig

Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition) by Scott Meyers

Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition)

Scott Meyers

Secure Coding: Principles and Practices by Mark G. Graff

Secure Coding: Principles and Practices

Mark G. Graff

Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library by Scott Meyers

Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library

Scott Meyers

The C++ Programming Language {2nd Edition} by Bjarne Stroustrup

The C++ Programming Language {2nd Edition}

Bjarne Stroustrup

Exceptional C++ Style: 40 New Engineering Puzzles, Programming Problems, and Solutions by Herb Sutter

Exceptional C++ Style: 40 New Engineering Puzzles, Programming Problems, and Solutions

Herb Sutter

Beyond the C Standard Library: An Introduction to Boost by Björn Karlsson

Beyond the C Standard Library: An Introduction to Boost

Björn Karlsson

The Design and Evolution of C++ by Bjarne Stroustrup

The Design and Evolution of C++

Bjarne Stroustrup

Gray Hat Python: Python Programming for Hackers and Reverse Engineers by Justin Seitz

Gray Hat Python: Python Programming for Hackers and Reverse Engineers

Justin Seitz

C++ Primer by Stanley B. Lippman

C++ Primer

Stanley B. Lippman

Effective C++: 50 Specific Ways to Improve Your Programs and Design (2nd Edition) by Scott Meyers

Effective C++: 50 Specific Ways to Improve Your Programs and Design (2nd Edition)

Scott Meyers

The C++ Programming Language {Special 3rd Edition} by Bjarne Stroustrup

The C++ Programming Language {Special 3rd Edition}

Bjarne Stroustrup

C++: How to Program by Harvey M. Deitel

C++: How to Program

Harvey M. Deitel

Writing Secure Code, Second Edition by Michael Howard

Writing Secure Code, Second Edition

Michael Howard

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski

Effective modern C++: 42 Specific Ways to Improve Your Use of C++11 and C++14 by Scott Meyers

Effective modern C++: 42 Specific Ways to Improve Your Use of C++11 and C++14

Scott Meyers

Hacking: The Art of Exploitation by Jon Erickson

Hacking: The Art of Exploitation

Jon Erickson

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition) by Edward Skoudis

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)

Edward Skoudis

C Concurrency in Action: Practical Multithreading by Anthony Williams

C Concurrency in Action: Practical Multithreading

Anthony Williams

Practical UNIX and Internet Security by Simson Garfinkel

Practical UNIX and Internet Security

Simson Garfinkel

Windows Debugging Notebook: Essential User Space WinDbg Commands by Roberto Alexis Farah

Windows Debugging Notebook: Essential User Space WinDbg Commands

Roberto Alexis Farah

C: A Reference Manual (5th Edition) by Samuel P. Harbison

C: A Reference Manual (5th Edition)

Samuel P. Harbison

Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level by Randall Hyde

Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level

Randall Hyde

Managing Projects with GNU Make (Nutshell Handbooks) by Robert Mecklenburg

Managing Projects with GNU Make (Nutshell Handbooks)

Robert Mecklenburg

The Security Development Lifecycle by Michael Howard

The Security Development Lifecycle

Michael Howard

21st Century C: C Tips from the New School by Ben Klemens

21st Century C: C Tips from the New School

Ben Klemens

Memory as a Programming Concept in C and C by Frantisek Franek

Memory as a Programming Concept in C and C

Frantisek Franek

The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley

The Shellcoder's Handbook: Discovering and Exploiting Security Holes

Chris Anley

The Practice of Programming by Brian W. Kernighan

The Practice of Programming

Brian W. Kernighan

Perl Cookbook [1st edition] by Tom Christiansen

Perl Cookbook [1st edition]

Tom Christiansen

Code Complete: A Practical Handbook of Software Construction by Steve McConnell

Code Complete: A Practical Handbook of Software Construction

Steve McConnell

Write Great Code: Volume 1: Understanding the Machine by Randall Hyde

Write Great Code: Volume 1: Understanding the Machine

Randall Hyde

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws

Dafydd Stuttard

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition by Bruce Schneier

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

Bruce Schneier

Professional C by Marc Gregoire

Professional C

Marc Gregoire

Complete Recommendations

Member Reviews

Featured Recent Thumbs

All Ratings
3
2
2
No Rating

1 review

apotheon 236 reviews

I'm just over 10% in as of this writing, and I finally started getting to the part where it talks about secure coding techniques. Consequently, I'm not far enough into the book to comment on whether the actual core purpose of the book is well-presented and full of good advice. I can say that it's a little frustrating that the foregoing parts of the book have been the usual "this is why secure coding is important" and "these are examples of things that have blown up in the faces of the whole world" fluff expanded to take up ten percent of the book. I'm also slightly concerned that this author referred to [b:Secure Coding: Principles and Practices|1069723|Secure Coding Principles and Practices|Mark G. show more Graff|https://i.gr-assets.com/images/S/compressed.photo.goodreads.com/books/1521646329l/1069723._SX50_.jpg|1056398] in positive terms as if it is the best resource for secure software development process, given all the obsolete, broken, and generally ill-advised content in that book (see my review of Secure Coding: Principles And Practices for some details).

If the rest of the book presents good, practical advice for specific secure coding techniques, and stays away from bad advice about process-oriented ideas, it can still be worth four stars, though. I have high hopes, given the book's reputation and its author's pedigree. I'll try to remember to update this review later. show less

Ratings

jsburbidge 184 reviews