Secure Coding in C and C++ [English] [Paperback]

Robert C. Seacord
4.5 out of 5 stars (2 customer reviews)

Other editions

Edition | Amazon price
Kindle Edition | EUR 22.39
Paperback | EUR 36.95
Paperback, 2005 | --

Product details

  • Paperback: 368 pages
  • Publisher: Pearson; edition: 1st (2005)
  • Language: English
  • ISBN-10: 8131705943
  • ISBN-13: 978-8131705940
  • Average customer rating: 4.5 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: No. 6,432,374 in Books


Product description

Secure Coding in C and C++ provides practical advice on safe practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This book provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. In particular, this book concentrates on security issues intrinsic to the C and C++ programming languages and their associated libraries. The intent is that this book be useful to anyone involved in developing secure C and C++ programs, regardless of the specific application. By targeting the C and C++ languages, this book addresses the largest group of developers. It also contains specific information that can help people in other roles, such as systems analysis and project management. The content of this book can also serve as a very good reference for programming courses at various universities. Contents same as US/UK editions.

Customer reviews

Most helpful customer reviews
3 of 3 customers found the following review helpful
4.0 out of 5 stars  Helpful  3 March 2006
By Roax
Format: Paperback | Verified Purchase
The book aims to give an overview of programming errors that lead to possibly exploitable software defects. Some of these are errors you'd think only an amateur wouldn't avoid; other exploits are only possible due to complex combinations of compiler- or platform-specific behaviour and seemingly minor oversights. Each of the chapters is written by a different author, so they vary in quality, and sometimes, as a programmer, you might be tempted to skip passages because you just don't use the techniques described (good for you). But if you've got to review or refactor code you might come upon these techniques sooner or later, so it might be good to know about them anyway.
Examples and code fragments are understandable; as some of the techniques used in exploiting software defects are quite advanced magic, it may sometimes be necessary to reread sections.
0 of 1 customers found the following review helpful
5.0 out of 5 stars  Extremely useful!  10 October 2008
Format: Paperback
In great detail and very vividly, the author deals with the traps that the C and C++ languages hold in store for programmers.

Numerous examples make problems such as "buffer overflow", "arc injection" or "integer security" tangible, at least for the programmer. Highly recommended as a textbook and for self-study.
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars  10 reviews
27 of 28 customers found the following review helpful
5.0 out of 5 stars  A book for programmers  8 November 2005
By R. Meyers - Published on Amazon.com
Format: Paperback
There seem to be three categories of computer security books. The first category is books written for system administrators or computer owners, and explains how to protect the computers under their control. The second category is the "true crime" genre that recounts the exploits of black hat hackers or explains the hacker culture (sometimes as "how-to" books for non-programmers). The third, and rarest, category is books for professional programmers that explain the coding idioms that make programs more secure or more insecure.

This book is an excellent contribution to the third category. It explains how certain ways of programming in C and C++ make programs vulnerable to security attacks. There are many code examples throughout the book illustrating the issues.

Although everything is explained in great detail, the treatment is not superficial. (No background in computer security is required, but the reader should be at least a journeyman C or C++ programmer.) Some of the security holes will surprise readers familiar with the basics of computer security. My favorite example: Many programmers know that the gets() function once was involved with compromising 10% of the computers on the Internet in a single day, but did you know that printf can also be a security flaw in some cases? The statement:
printf(s);
can allow an attacker to run any code of his choosing if s is a string provided by the attacker. Even more surprising is that the printf attack has been used successfully on popular programs.

This book should be read by any programmer who does I/O across a network, or who writes applications that provide a captive environment for their users (data entry stations, information kiosks), or who writes programs to manipulate sensitive data. Even programmers merely curious about security issues will find this book a readable treatment. I guess the Black Hats can read the book to get more ideas for future attacks.

I can personally vouch for Seacord's expertise. He is a security analyst at the Computer Emergency Response Team/Coordination Center, and I've worked with him on the ANSI/ISO C Programming Language Standards Committee. I've found his information on computer security both educational and valuable.
[...]
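As an added illustration of the printf(s) flaw this review mentions (example code written here, not from the book or the reviewer): the vulnerable form beside the hardened form, plus a small helper that counts the conversion directives an untrusted string would inject if it were ever used as a format. The sample input is constructed.

```c
/* Added example: format-string misuse and its fix. Not from the book or
 * the reviewer; count_directives, echo_vulnerable and echo_safe are names
 * chosen here. */
#include <stdio.h>
#include <string.h>

/* Count the '%' conversion directives in s, treating "%%" as a literal
 * percent sign. If s came from an untrusted source and is passed as the
 * format argument, every directive counted here makes printf read (or,
 * with %n, write) memory the caller never intended. */
size_t count_directives(const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" prints one '%' */
        n++;
    }
    return n;
}

/* VULNERABLE: the untrusted string is used as the format itself, which is
 * exactly the printf(s) pattern the review warns about. */
void echo_vulnerable(const char *user_input) {
    printf(user_input);   /* gcc/clang -Wformat-security flags this line */
}

/* HARDENED: the format is a literal and the untrusted string is only data.
 * Returns the number of characters snprintf would have written. */
int echo_safe(char *out, size_t out_len, const char *user_input) {
    return snprintf(out, out_len, "%s", user_input);
}

int main(void) {
    const char *input = "%x %x %x %n";   /* constructed sample input */
    char out[64];
    printf("directives in input: %zu\n", count_directives(input));
    echo_safe(out, sizeof out, input);
    printf("safe echo: %s\n", out);     /* the directives come out verbatim */
    return 0;
}
```

Building with -Wformat-security (or -Wformat=2) turns the vulnerable call into a compile-time warning, which is the cheapest place to catch this class of bug.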
9 of 9 customers found the following review helpful
5.0 out of 5 stars  disturbing issues  23 October 2005
By W Boudville - Published on Amazon.com
Format: Paperback
Seacord gives an unsettling walkthrough of vulnerabilities present in much of C and C++ coding. Buffer overflows take up a significant portion of the discussion, which leads into considering how these can be introduced into unwary code. Consider C. The common string functions of strcpy, strcat, gets, streadd() and others are shown to be very exposed to error or attack. C++ also has similar drawbacks.

The text explains that much of this traces back to some bad usages. Strings are defined to be null terminated. And bounds checking is often not done. While this is often true of code that the programmer writes, it is also true of various common C library functions, like those mentioned above. In fact, Seacord goes so far as to emphatically assert that gets() should never be used in your code. Instead, he suggests fgets() or gets_s().

Seacord also covers other topics, like dynamic memory management, which might have vulnerable heaps. Various 3rd party analysis tools are suggested, to find these errors.

Overall, the book can be quite disturbing, if you are maintaining a large body of C or C++ code. Might make you want to delve in and replace those gets(), at the very least.

While the text doesn't mention this, it turns out that recent languages like Java and C# have far more robust string handling abilities. They were written after the above flaws in C and C++ became apparent.
6 of 7 customers found the following review helpful
5.0 out of 5 stars  The best how-to security book  5 July 2007
By Charles Bradley - Published on Amazon.com
Format: Paperback
This is an important book for people that write computer programs and their managers. It is also very well organized and well written. Seacord reveals how the bad guys take advantage of bugs in programs to break into a system or damage it. It is the most complete list of exploitable bug types that I am aware of.

Many examples are given, naming software that has been exploited by bad guys. Some may protest that this provides the bad guys with a list of easy targets. All of the vulnerable software has been updated to fix the bug, and the improved version has been available for a long time.

Everyone that writes software intended to be used by someone else should read this book. Every organization that writes software should have a copy.

Most of the security flaws are buffer overflows. Seacord shows how, from the simple use of gets() through mistakes triggered by subtle differences in the rules for signed and unsigned integers of various sizes. There are other ways, and some are quite subtle, but still preventable. The bad guys are not Jay Leno's "Dumb crooks."

The primary way to frustrate the bad guys is to not have any of the bugs they exploit. Seacord admits zero bugs is an elusive goal and recommends defense in depth by the use of various freeware or commercial packages intended to trap or prevent certain errors. He lists and describes many, with their strengths and weaknesses.

Read this book and make your code better. Read it again, next year.

The following are my opinions, based on over 40 years writing software, but I doubt Seacord would disagree. Every security bug is also a bug that can cause a crash or a wrong output from a program. The major cause of fewer bugs is the attitude of the programmer. Managers can affect the attitude of the programmers by their choice of questions. Do not ask "Is it done yet?" Instead try approaches like: "Tell me about how you validated the inputs and how you identified all the inputs." "Who reviewed your test cases?" "How did you decide you had tested enough?" The fewer bugs of any kind in your product, the less likely the bad guys are going to target it, other things being equal.
6 of 8 customers found the following review helpful
5.0 out of 5 stars  Great Book  13 October 2005
By T. Anderson - Published on Amazon.com
Format: Paperback
This book is not only solid in the technical coverage it gives. It also gives a great overview of security concerns, history of how we got where we are, the types of threats and flaws that exist, who needs to be concerned, and what your role's responsibilities are in the security picture.

The technical advice is thorough and explained in a way that makes for a very interesting read. In other words, the author has a great style of writing.

This is a must-read for C++ and C developers, but I would also recommend it for any programmer or architect of any language.
4 of 5 customers found the following review helpful
5.0 out of 5 stars  Excellent resource!  22 November 2006
By John McDonald - Published on Amazon.com
Format: Paperback
This book slipped under my radar, but I recently picked it up and was quite impressed.

This book is fairly unique in that it is accessible and well-written, yet, at the same time, unabashedly technical. It's quite simply a very good book, and it should prove valuable to readers new to software security, as well as experienced security consultants and vulnerability researchers.

I know the problem domain intimately, and was quite impressed at the level of thoroughness and the technical depth of the coverage. This book isn't merely a well-written exploration of known insecure programming idioms and attack techniques; there's actually a considerable amount of original research and material that you won't find elsewhere. Specifically, the coverage of integer issues goes above and beyond what has been previously written, and it's incredibly topical given the current trends in vulnerability research. Seacord's mastery of the C language and his ability to distill the practical rules of thumb out of the somewhat fragmented C standards really results in an excellent resource.