Secure Coding in C and C++ (English) Paperback – 2005
Product information

  • Paperback: 368 pages
  • Publisher: Pearson; edition: 1st (2005)
  • Language: English
  • ISBN-10: 8131705943
  • ISBN-13: 978-8131705940
  • Average customer rating: 4.5 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: No. 6,722,490 in Books

Product description

Secure Coding in C and C++ provides practical advice on safe practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This book provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. In particular, this book concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. The intent is that this book be useful to anyone involved in developing secure C and C++ programs regardless of the specific application. By targeting the C/C++ languages, this book addresses the largest segment of developers. There are specific pieces of information that can also help people in other roles such as systems analysis and project management. The content of this book can also serve as a very good reference for programming courses at various universities. Contents same as US/UK editions.

Customer reviews


Most helpful customer reviews

3 of 3 customers found the following review helpful. By Roax on 3 March 2006
Format: Paperback, Verified Purchase
The book aims to give an overview of programming errors that lead to possibly exploitable software defects. Some of these are errors you'd think only an amateur wouldn't avoid; other exploits are only possible due to complex combinations of compiler- or platform-specific behaviour and seemingly minor oversights. Each of the chapters is written by a different author, so they vary in quality and sometimes, as a programmer, you might be tempted to skip passages, because you just don't use the techniques described (good for you). But if you've got to review or refactor code you might come upon these techniques sooner or later, so it might be good to know about them anyway.
Examples and code fragments are understandable; as some of the techniques used in exploiting software defects are quite advanced magic, it may sometimes be necessary to reread sections.
0 of 1 customers found the following review helpful. By Wolfgang M. BUCHTA on 10 October 2008
Format: Paperback
In great detail and very vividly, the author deals with the traps that the languages C and C++ hold in store for programmers.

Numerous examples make problems such as "buffer overflow", "arc injection" or "integer security" tangible - at least for the programmer. Highly recommended as a textbook and for self-study.

Most helpful customer reviews on Amazon.com (beta)

Amazon.com: 11 reviews
27 of 28 customers found the following review helpful
A book for programmers, 8 November 2005
By R. Meyers - Published on Amazon.com
Format: Paperback
There seem to be three categories of computer security books. The first category is books written for system administrators or computer owners, and explains how to protect the computers under their control. The second category is the "true crime" genre that recounts the exploits of black hat hackers or explains the hacker culture (sometimes as "how-to" books for non-programmers). The third, and rarest, category is books for professional programmers that explain the coding idioms that make programs more secure or more insecure.

This book is an excellent contribution to the third category. It explains how certain ways of programming in C and C++ make programs vulnerable to security attacks. There are many code examples throughout the book illustrating the issues.

Although everything is explained in great detail, the treatment is not superficial. (No background in computer security is required, but the reader should be at least a journeyman C or C++ programmer.) Some of the security holes will surprise readers familiar with the basics of computer security. My favorite example: Many programmers know that the gets() function once was involved with compromising 10% of the computers on the Internet in a single day, but did you know that printf can also be a security flaw in some cases? The statement:
printf(s);
can allow an attacker to run any code of his choosing if s is a string provided by the attacker. Even more surprising is that the printf attack has been used successfully on popular programs.

This book should be read by any programmer who does I/O across a network, or who writes applications that provide a captive environment for their users (data entry stations, information kiosks), or who writes programs to manipulate sensitive data. Even programmers merely curious about security issues will find this book a readable treatment. I guess the Black Hats can read the book to get more ideas for future attacks.

I can personally vouch for Seacord's expertise. He is a security analyst at the Computer Emergency Response Team/Coordination Center, and I've worked with him on the ANSI/ISO C Programming Language Standards Committee. I've found his information on computer security both educational and valuable.
[...]
9 of 9 customers found the following review helpful
disturbing issues, 23 October 2005
By W Boudville - Published on Amazon.com
Format: Paperback
Seacord gives an unsettling walkthrough of vulnerabilities present in much of C and C++ coding. Buffer overflows take up a significant portion of the discussion, which leads into considering how these can be introduced into unwary code. Consider C. The common string functions of strcpy, strcat, gets, streadd() and others are shown to be very exposed to error or attack. C++ also has similar drawbacks.

The text explains that many of these trace back to some bad usages. Strings are defined to be null terminated. And bounds checking is often not done. While this is often true of code that the programmer writes, it is also true of various common C library functions, like those mentioned above. In fact, Seacord goes so far as to emphatically assert that gets() should never be used in your code. Instead, he suggests fgets() or gets_s().

Seacord also covers other topics, like dynamic memory management, which might have vulnerable heaps. Various 3rd party analysis tools are suggested, to find these errors.

Overall, the book can be quite disturbing, if you are maintaining a large body of C or C++ code. Might make you want to delve in and replace those gets(), at the very least.

While the text doesn't mention this, it turns out that recent languages like Java and C# have far more robust string handling abilities. They were written after the above flaws in C and C++ became apparent.
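As an added example (not code from the book or from either reviewer), the two points raised in the reviews above in working C: a bounded replacement for gets() built on fgets() that reports over-long lines instead of overflowing, and user text passed to printf-family functions as an argument rather than as the format string. The function names, result codes and sample input are my own constructions.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_EOF = -1, LINE_TRUNCATED = -2 }; /* read_line() results */

/* Bounded replacement for gets(): reads one line from fp into buf (capacity n,
 * n >= 2), strips the trailing newline and reports whether the input line was
 * longer than the buffer. Excess characters are drained so the next call
 * starts on a fresh line rather than on the tail of this one. */
int read_line(FILE *fp, char *buf, size_t n)
{
    if (n < 2 || fgets(buf, (int)n, fp) == NULL) {
        if (n > 0) buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline: either the file ended without one, or the line was too long. */
    int c = fgetc(fp);
    if (c == EOF) return LINE_OK;
    while (c != '\n' && c != EOF) c = fgetc(fp); /* drain the rest of the line */
    return LINE_TRUNCATED;
}

/* Formats user-supplied text for a log line. The text is an argument to a
 * fixed format, never the format itself, so "%x" or "%n" inside it is inert. */
int format_user_line(char *dst, size_t n, const char *user_text)
{
    return snprintf(dst, n, "user said: %s", user_text); /* never snprintf(dst, n, user_text) */
}

int main(void)
{
    /* Constructed sample input: a short line, an over-long line, a last line with no newline. */
    const char sample[] = "short\nthis line is definitely longer than the buffer\nlast";
    FILE *fp = tmpfile();
    if (!fp) return 1;
    fwrite(sample, 1, sizeof sample - 1, fp);
    rewind(fp);
    char buf[16], line[64]; int rc;
    while ((rc = read_line(fp, buf, sizeof buf)) != LINE_EOF) {
        format_user_line(line, sizeof line, buf);
        printf("%s%s\n", line, rc == LINE_TRUNCATED ? " [truncated]" : "");
    }
    fclose(fp);
    return 0;
}
```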
7 of 8 customers found the following review helpful
The best how-to security book, 5 July 2007
By Charles Bradley - Published on Amazon.com
Format: Paperback
This is an important book for people that write computer programs and their managers. It is also very well organized and well written. Seacord reveals how the bad guys take advantage of bugs in programs to break into a system or damage it. It is the most complete list of exploitable bug types that I am aware of.

Many examples are given, naming software that has been exploited by bad guys. Some may protest that this provides the bad guys with a list of easy targets. All of the vulnerable software has been updated to fix the bug, and the improved version has been available for a long time.

Everyone that writes software intended to be used by someone else should read this book. Every organization that writes software should have a copy.

Most of the security flaws are buffer overflows. Seacord shows how, from the simple use of gets() through mistakes triggered by subtle differences in the rules for signed and unsigned integers of various sizes. There are other ways, and some are quite subtle, but still preventable. The bad guys are not Jay Leno's "Dumb crooks."

The primary way to frustrate the bad guys is to not have any of the bugs they exploit. Seacord admits zero bugs is an elusive goal and recommends defense in depth by the use of various freeware or commercial packages intended to trap or prevent certain errors. He lists and describes many, with their strengths and weaknesses.

Read this book and make your code better. Read it again, next year.

The following are my opinions, based on over 40 years writing software, but I doubt Seacord would disagree. Every security bug is also a bug that can cause a crash or a wrong output from a program. The major cause of fewer bugs is the attitude of the programmer. Managers can affect the attitude of the programmers by their choice of questions. Do not ask "Is it done yet?" Instead try approaches like: "Tell me about how you validated the inputs and how you identified all the inputs." "Who reviewed your test cases?" "How did you decide you had tested enough?" The fewer bugs of any kind in your product, the less likely the bad guys are going to target it, other things being equal.
4 of 5 customers found the following review helpful
Excellent resource!, 22 November 2006
By John McDonald - Published on Amazon.com
Format: Paperback
This book slipped under my radar, but I recently picked it up and was quite impressed.

This book is fairly unique in that it is accessible and well-written, yet, at the same time, unabashedly technical. It's quite simply a very good book, and it should prove valuable to readers new to software security, as well as experienced security consultants and vulnerability researchers.

I know the problem domain intimately, and was quite impressed at the level of thoroughness and the technical depth of the coverage. This book isn't merely a well-written exploration of known insecure programming idioms and attack techniques; there's actually a considerable amount of original research and material that you won't find elsewhere. Specifically, the coverage of integer issues goes above and beyond what has been previously written, and it's incredibly topical given the current trends in vulnerability research. Seacord's mastery of the C language and his ability to distill the practical rules of thumb out of the somewhat fragmented C standards really results in an excellent resource.
6 of 8 customers found the following review helpful
Great Book, 13 October 2005
By T. Anderson - Published on Amazon.com
Format: Paperback
This book is not only solid in the technical coverage it gives. It also gives a great overview of security concerns, history of how we got where we are, the types of threats and flaws that exist, who needs to be concerned, and what your role's responsibilities are in the security picture.

The technical advice is thorough and explained in a way that makes for a very interesting read. In other words, the author has a great style of writing.

This is a must read for C++ and C developers, but I would also recommend it for any programmer or architect of any language.