Secure Coding in C and C++

Robert C. Seacord


"The security of information systems has not improved at a rate in line with the growth and sophistication of the attacks being made against them. To address this problem, we must improve the underlying strategies and techniques used to create our systems. Specifically, we must build security in from the start, rather than append it as an afterthought. That's the point of Secure Coding in C and C++. In careful detail, this book shows software developers how to build high-quality systems that are less vulnerable to costly and even catastrophic attack. It's a book that every developer should read before the start of any serious project."
--Frank Abagnale, author, lecturer, and leading consultant on fraud prevention and secure documents

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed approximately 18,000 vulnerability reports over the past ten years, the CERT/Coordination Center (CERT/CC) has determined that a relatively small number of root causes account for most of them. This book identifies and explains these causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.

Drawing on the CERT/CC's reports and conclusions, Robert Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

  • Improve the overall security of any C/C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

Secure Coding in C and C++ offers thousands of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you are responsible for creating secure C or C++ software--or for keeping it safe--no other book will give you this much detailed, expert assistance.
