Secure Coding in C and C++

Robert C. Seacord


"The safety of data structures has not improved at a rate in keeping with the expansion and class of the assaults being made against them. To deal with this challenge, we need to improve the underlying recommendations and strategies used to create our platforms. In particular, we need to construct safety in from the beginning, instead of appending it as an afterthought. That is the point of Secure Coding in C and C++. In careful detail, this book shows software developers how to build high-quality systems that are much less susceptible to expensive or even catastrophic assault. It is a book that every developer should read ahead of the beginning of any serious project."
--Frank Abagnale, writer, lecturer, and top advisor on fraud prevention and safe documents

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed approximately 18,000 vulnerability reports over the last ten years, the CERT/Coordination Center (CERT/CC) has determined that a relatively small number of root causes account for most of them. This book identifies and explains these causes and shows the steps that can be taken to prevent exploitation. In addition, this book encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow's attacks, not just today's.

Drawing on the CERT/CC's reports and conclusions, Robert Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

  • Improve the overall security of any C/C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

Secure Coding in C and C++ presents countless examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you are responsible for creating secure C or C++ software, or for keeping it safe, no other book offers you this much detailed, expert assistance.
