Secure Programming Cookbook for C and C++ und über 1,5 Millionen weitere Bücher verfügbar für Amazon Kindle. Erfahren Sie mehr

Neu kaufen

oder
Loggen Sie sich ein, um 1-Click® einzuschalten.
oder
Mit kostenloser Probeteilnahme bei Amazon Prime. Melden Sie sich während des Bestellvorgangs an.
Gebraucht kaufen
Gebraucht - Sehr gut Informationen anzeigen
Preis: EUR 33,82

oder
 
   
Jetzt eintauschen
und EUR 8,45 Gutschein erhalten
Eintausch
Alle Angebote
Möchten Sie verkaufen? Hier verkaufen
Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.
Beginnen Sie mit dem Lesen von Secure Programming Cookbook for C and C++ auf Ihrem Kindle in weniger als einer Minute.

Sie haben keinen Kindle? Hier kaufen oder eine gratis Kindle Lese-App herunterladen.

Secure Programming Cookbook for C and C++ (Classique Us) [Englisch] [Taschenbuch]

John Viega , Matt Messier
4.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)
Preis: EUR 73,39 kostenlose Lieferung Siehe Details.
  Alle Preisangaben inkl. MwSt.
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Nur noch 5 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon. Geschenkverpackung verfügbar.
Lieferung bis Mittwoch, 5. August: Wählen Sie an der Kasse Morning-Express. Siehe Details.
‹  Zurück zur Artikelübersicht

Inhaltsverzeichnis

Foreword Preface 1. Safe Initialization 1.1 Sanitizing the Environment 1.2 Restricting Privileges on Windows 1.3 Dropping Privileges in setuid Programs 1.4 Limiting Risk with Privilege Separation 1.5 Managing File Descriptors Safely 1.6 Creating a Child Process Securely 1.7 Executing External Programs Securely 1.8 Executing External Programs Securely 1.9 Disabling Memory Dumps in the Event of a Crash 2. Access Control 2.1 Understanding the Unix Access Control Model 2.2 Understanding the Windows Access Control Model 2.3 Determining Whether a User Has Access to a File on Unix 2.4 Determining Whether a Directory Is Secure 2.5 Erasing Files Securely 2.6 Accessing File Information Securely 2.7 Restricting Access Permissions for New Files on Unix 2.8 Locking Files 2.9 Synchronizing Resource Access Across Processes on Unix 2.10 Synchronizing Resource Access Across Processes on Windows 2.11 Creating Files for Temporary Use 2.12 Restricting Filesystem Access on Unix 2.13 Restricting Filesystem and Network Access on FreeBSD 3. Input Validation 3.1 Understanding Basic Data Validation Techniques 3.2 Preventing Attacks on Formatting Functions 3.3 Preventing Buffer Overflows 3.4 Using the SafeStr Library 3.5 Preventing Integer Coercion and Wrap-Around Problems 3.6 Using Environment Variables Securely 3.7 Validating Filenames and Paths 3.8 Evaluating URL Encodings 3.9 Validating Email Addresses 3.10 Preventing Cross-Site Scripting 3.11 Preventing SQL Injection Attacks 3.12 Detecting Illegal UTF-8 Characters 3.13 Preventing File Descriptor Overflows When Using select( ) 4. Symmetric Cryptography Fundamentals 4.1 Representing Keys for Use in Cryptographic Algorithms 4.2 Generating Random Symmetric Keys 4.3 Representing Binary Keys (or Other Raw Data) as Hexadecimal 4.4 Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary 4.5 Performing Base64 Encoding 4.6 Performing Base64 Decoding 4.7 Representing Keys (or Other Binary Data) as English Text 4.8 Converting Text Keys to Binary Keys 4.9 Using Salts, Nonces, and Initialization Vectors 4.10 Deriving Symmetric Keys from a Password 4.11 Algorithmically Generating Symmetric Keys from One Base Secret 4.12 Encrypting in a Single Reduced Character Set 4.13 Managing Key Material Securely 4.14 Timing Cryptographic Primitives 5. Symmetric Encryption 5.1 Deciding Whether to Use Multiple Encryption Algorithms 5.2 Figuring Out Which Encryption Algorithm Is Best 5.3 Selecting an Appropriate Key Length 5.4 Selecting a Cipher Mode 5.5 Using a Raw Block Cipher 5.6 Using a Generic CBC Mode Implementation 5.7 Using a Generic CFB Mode Implementation 5.8 Using a Generic OFB Mode Implementation 5.9 Using a Generic CTR Mode Implementation 5.10 Using CWC Mode 5.11 Manually Adding and Checking Cipher Padding 5.12 Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers) 5.13 Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility) 5.14 Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility) 5.15 Performing File or Disk Encryption 5.16 Using a High-Level, Error-Resistant Encryption and Decryption API 5.17 Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL 5.18 Using Variable Key-Length Ciphers in OpenSSL 5.19 Disabling Cipher Padding in OpenSSL in CBC Mode 5.20 Performing Additional Cipher Setup in OpenSSL 5.21 Querying Cipher Configuration Properties in OpenSSL 5.22 Performing Low-Level Encryption and Decryption with OpenSSL 5.23 Setting Up and Using RC4 5.24 Using One-Time Pads 5.25 Using Symmetric Encryption with Microsoft's CryptoAPI 5.26 Creating a CryptoAPI Key Object from Raw Key Data 5.27 Extracting Raw Key Data from a CryptoAPI Key Object 6. Hashes and Message Authentication 6.1 Understanding the Basics of Hashes and MACs 6.2 Deciding Whether to Support Multiple Message Digests or MACs 6.3 Choosing a Cryptographic Hash Algorithm 6.4 Choosing a Message Authentication Code 6.5 Incrementally Hashing Data 6.6 Hashing a Single String 6.7 Using a Cryptographic Hash 6.8 Using a Nonce to Protect Against Birthday Attacks 6.9 Checking Message Integrity 6.10 Using HMAC 6.11 Using OMAC (a Simple Block Cipher-Based MAC) 6.12 Using HMAC or OMAC with a Nonce 6.13 Using a MAC That's Reasonably Fast in Software and Hardware 6.14 Using a MAC That's Optimized for Software Speed 6.15 Constructing a Hash Function from a Block Cipher 6.16 Using a Block Cipher to Build a Full-Strength Hash Function 6.17 Using Smaller MAC Tags 6.18 Making Encryption and Message Integrity Work Together 6.19 Making Your Own MAC 6.20 Encrypting with a Hash Function 6.21 Securely Authenticating a MAC (Thwarting Capture Replay Attacks) 6.22 Parallelizing MACs 7. Public Key Cryptography 7.1 Determining When to Use Public Key Cryptography 7.2 Selecting a Public Key Algorithm 7.3 Selecting Public Key Sizes 7.4 Manipulating Big Numbers 7.5 Generating a Prime Number (Testing for Primality) 7.6 Generating an RSA Key Pair 7.7 Disentangling the Public and Private Keys in OpenSSL 7.8 Converting Binary Strings to Integers for Use with RSA 7.9 Converting Integers into Binary Strings for Use with RSA 7.10 Performing Raw Encryption with an RSA Public Key 7.11 Performing Raw Decryption Using an RSA Private Key 7.12 Signing Data Using an RSA Private Key 7.13 Verifying Signed Data Using an RSA Public Key 7.14 Securely Signing and Encrypting with RSA 7.15 Using the Digital Signature Algorithm (DSA) 7.16 Representing Public Keys and Certificates in Binary (DER Encoding) 7.17 Representing Keys and Certificates in Plaintext (PEM Encoding) 8. Authentication and Key Exchange 8.1 Choosing an Authentication Method 8.2 Getting User and Group Information on Unix 8.3 Getting User and Group Information on Windows 8.4 Restricting Access Based on Hostname or IP Address 8.5 Generating Random Passwords and Passphrases 8.6 Testing the Strength of Passwords 8.7 Prompting for a Password 8.8 Throttling Failed Authentication Attempts 8.9 Performing Password-Based Authentication with crypt( ) 8.10 Performing Password-Based Authentication with MD5-MCF 8.11 Performing Password-Based Authentication with PBKDF2 8.12 Authenticating with PAM 8.13 Authenticating with Kerberos 8.14 Authenticating with HTTP Cookies 8.15 Performing Password-Based Authentication and Key Exchange 8.16 Performing Authenticated Key Exchange Using RSA 8.17 Using Basic Diffie-Hellman Key Agreement 8.18 Using Diffie-Hellman and DSA Together 8.19 Minimizing the Window of Vulnerability When Authenticating Without a PKI 8.20 Providing Forward Secrecy in a Symmetric System 8.21 Ensuring Forward Secrecy in a Public Key System 8.22 Confirming Requests via Email 9. Networking 9.1 Creating an SSL Client 9.2 Creating an SSL Server 9.3 Using Session Caching to Make SSL Servers More Efficient 9.4 Securing Web Communication on Windows Using the WinInet API 9.5 Enabling SSL without Modifying Source Code 9.6 Using Kerberos Encryption 9.7 Performing Interprocess Communication Using Sockets 9.8 Performing Authentication with Unix Domain Sockets 9.9 Performing Session ID Management 9.10 Securing Database Connections 9.11 Using a Virtual Private Network to Secure Network Connections 9.12 Building an Authenticated Secure Channel Without SSL 10. Public Key Infrastructure 10.1 Understanding Public Key Infrastructure (PKI) 10.2 Obtaining a Certificate 10.3 Using Root Certificates 10.4 Understanding X.509 Certificate erification Methodology 10.5 Performing X.509 Certificate Verification with OpenSSL 10.6 Performing X.509 Certificate Verification with CryptoAPI 10.7 Verifying an SSL Peer's Certificate 10.8 Adding Hostname Checking to Certificate erification 10.9 Using a Whitelist to Verify Certificates 10.10 Obtaining Certificate Revocation Lists with OpenSSL 10.11 Obtaining CRLs with CryptoAPI 10.12 Checking Revocation Status via OCSP with OpenSSL 11. Random Numbers 11.1 Determining What Kind of Random Numbers to Use 11.2 Using a Generic API for Randomness and Entropy 11.3 Using the Standard Unix Randomness Infrastructure 11.4 Using the Standard Windows Randomness Infrastructure 11.5 Using an Application-Level Generator 11.6 Reseeding a Pseudo-Random Number Generator 11.7 Using an Entropy Gathering Daemon-Compatible Solution 11.8 Getting Entropy or Pseudo-Randomness Using EGADS 11.9 Using the OpenSSL Random Number API 11.10 Getting Random Integers 11.11 Getting a Random Integer in a Range 11.12 Getting a Random Floating-Point Value with Uniform Distribution 11.13 Getting Floating-Point Values with Nonuniform Distributions 11.14 Getting a Random Printable ASCII String 11.15 Shuffling Fairly 11.16 Compressing Data with Entropy into a Fixed-Size Seed 11.17 Getting Entropy at Startup 11.18 Statistically Testing Random Numbers 11.19 Performing Entropy Estimation and Management 11.20 Gathering Entropy from the Keyboard 11.21 Gathering Entropy from Mouse Events on Windows 11.22 Gathering Entropy from Thread Timings 11.23 Gathering Entropy from System State 12. Anti-Tampering 12.1 Understanding the Problem of Software Protection 12.2 Detecting Modification 12.3 Obfuscating Code 12.4 Performing Bit and Byte Obfuscation 12.5 Performing Constant Transforms on Variables 12.6 Merging Scalar Variables 12.7 Splitting Variables 12.8 Disguising Boolean Values 12.9 Using Function Pointers 12.10 Restructuring Arrays 12.11 Hiding Strings 12.12 Detecting Debuggers 12.13 Detecting Unix Debuggers 12.14 Detecting Windows Debuggers 12.15 Detecting SoftICE 12.16 Countering Disassembly 12.17 Using Self-Modifying Code 13. Other Topics 13.1 Performing Error Handling 13.2 Erasing Data from Memory Securely 13.3 Preventing Memory from Being Paged to Disk 13.4 Using Variable Arguments Properly 13.5 Performing Proper Signal Handling 13.6 Protecting against Shatter Attacks on Windows ...

‹  Zurück zur Artikelübersicht