In weniger als einer Minute können Sie mit dem Lesen von Secure Programming Cookbook for C and C++ auf Ihrem Kindle beginnen. Sie haben noch keinen Kindle? Hier kaufen Oder fangen Sie mit einer unserer gratis Kindle Lese-Apps sofort an zu lesen.

An Ihren Kindle oder ein anderes Gerät senden

 
 
 

Kostenlos testen

Jetzt kostenlos reinlesen

An Ihren Kindle oder ein anderes Gerät senden

Jeder kann Kindle Bücher lesen  selbst ohne ein Kindle-Gerät  mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
 
 

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More [Kindle Edition]

John Viega , Matt Messier
4.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)

Kindle-Preis: EUR 32,44 Inkl. MwSt. und kostenloser drahtloser Lieferung über Amazon Whispernet

Weitere Ausgaben

Amazon-Preis Neu ab Gebraucht ab
Kindle Edition EUR 32,44  
Taschenbuch EUR 55,80  


Produktbeschreibungen

Pressestimmen

"This is a book that's long overdue and makes for an interesting and deeply technical read on a topic that we should all core about more. Yes, it's limited to C and C++ readers, but with the majority of key applications being written in these languages that's where the biggest benefit can be had - give the sample chapter a read, and you'll soon be on your way to the books store to buy the rest of it." "A powerful and initially somewhat scary book that will quickly get you thinking about security while you program - as opposed to as an afterthought." - Paul Hudson, LinuxFormat, Christmas 03 - Rating 10/10 - Top Stuff Award

Kurzbeschreibung

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering
The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

Produktinformation

  • Format: Kindle Edition
  • Dateigröße: 1555 KB
  • Seitenzahl der Print-Ausgabe: 792 Seiten
  • Gleichzeitige Verwendung von Geräten: Keine Einschränkung
  • Verlag: O'Reilly Media; Auflage: 1 (9. Februar 2009)
  • Verkauf durch: Amazon Media EU S.à r.l.
  • Sprache: Englisch
  • ASIN: B0043EWU16
  • Text-to-Speech (Vorlesemodus): Aktiviert
  • X-Ray:
  • Durchschnittliche Kundenbewertung: 4.0 von 5 Sternen  Alle Rezensionen anzeigen (1 Kundenrezension)
  • Amazon Bestseller-Rang: #290.443 Bezahlt in Kindle-Shop (Siehe Top 100 Bezahlt in Kindle-Shop)

  •  Ist der Verkauf dieses Produkts für Sie nicht akzeptabel?

Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Kundenrezensionen

5 Sterne
0
3 Sterne
0
2 Sterne
0
1 Sterne
0
4.0 von 5 Sternen
4.0 von 5 Sternen
Die hilfreichsten Kundenrezensionen
4 von 4 Kunden fanden die folgende Rezension hilfreich
4.0 von 5 Sternen Nice book - if you need it! 4. Dezember 2005
Format:Taschenbuch
Ich bespreche heute das Buch "Secure Programming Cookbook for C and C++" von John Viega und Matt Messier, und zwar in der englischen Ausgabe. Es trägt den bezeichnenden Untertitel "Recipes for Cryptography, Authentication, Networking, Input Validation & More", und das kann man ziemlich genau so auch als kurze Inhaltsangabe durchgehen lassen.
Es enthält jede Menge kurze oder auch teilweise nicht so kurze Anleitungen darüber, wie man häufig auftretende Probleme aus den oben genannten Bereichen in C und C++ möglichst sicher löst. Beispiele für solche Anleitungen sind:
- wie erstelle ich einen SSL-Client (und wie mache ich ihn schneller)
- wie verhindere ich Pufferüberläufe
- wie finde ich heraus, welchen Verschlüsselungsalgorithmus ich verwenden sollte
Die Anleitungen sind meißtens in sich abgeschlossen, stimmig und kratzen wie ich finde auch nicht nur an der Oberfläche des Problems. Um zu beurteilen, wie sicher die angeboten Lösungen tatsächlich sind fehlt mir allerdings das nötige Expertenwissen, zumindest sind mir keine offensichtlichen Fehler aufgefallen. Häufig gibt es Verweise auf fertige Bibliotheken, die das Problem bereits lösen, was ich persönlich oft nützlicher finde als eine extensive Besprechung einer eigenen Implementierung.
Die Authoren haben versucht, sowohl Windows als auch Linux unter einen Hut zu bringen, was ihnen wie ich finde auch recht gut gelingt. Zum Ende möchte ich noch eine Empfehlung zum Kauf des Buches abgeben: Dies ist kein Buch für jeden C / C++ - Programmierer, insbesondere angesichts des nicht ganz kleinen Preises (aber das sind wir von Fachbüchern ja gewohnt, oder?).
Lesen Sie weiter... ›
War diese Rezension für Sie hilfreich?
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)
Amazon.com: 4.2 von 5 Sternen  12 Rezensionen
16 von 17 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Bought it for one reason but ended up using it. 16. Oktober 2003
Von "lucincia" - Veröffentlicht auf Amazon.com
Format:Taschenbuch
To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.
But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.
As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my projects.
This book is one reference that I will be going back over and over again. The authors and editors have done a wonderful job to make the reading flow nice and easy. It is also very well laid out by stating the problem you may encounter, followed by a solution and then detailed discussion section with code samples.
For any C/C++ programmer making software to be used by more than one person, this reference book is a must.
You can still read the Acknowledgments and marvel at my name on there, of course.
17 von 19 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen Voluminous and comprehensive 17. August 2003
Von W Boudville - Veröffentlicht auf Amazon.com
Format:Taschenbuch
If you are interested in encryption, you should probably get Bruce Schneier's Applied Cryptography, which is generally considered the standard summary of the field. But suppose you actually want to use some of the symmetric key or public key methods he describes? If you want to code from scratch, his book is a good starting point. But if you want to quickly avail yourself of the best existing methods and you don't want to reinvent the wheel by recoding? Also, it can be risky to do that. A mistake made in coding a crypto algorithm might render it insecure. Better to use reviewed, tested code.
If this describes your needs and you code in C or C++, then this book will be invaluable. Extensive code fragments that show how you can interface to existing crypto packages. Very detailed. You won't find theorems or any elegant maths here. No Chinese Remainder Theorem or Fermat's theorems. You have to already know or accept the theoretical underpinnings.
Given this, the book takes you into the nitty gritty of every major publicly available cryptosystem. With up to date assessments of their comparative strengths.
All of the above is aimed at application developers. The book also has sections for sysadmins of both unix and Microsoft operating systems, replete with suggestions on patching and good practice.
Don't be daunted by the book's heft. It is encyclopaedic in scope, and access is reasonably random access. The authors have striven to comprehensively span the field. You don't have to read from start to finish before you can commence using it.
9 von 10 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen best o'reilly book I've ever purchased 8. August 2003
Von Brian Wotring - Veröffentlicht auf Amazon.com
Format:Taschenbuch
If you develop software, any kind of software, you need this book.
The importance of understanding the security surrounding the development of software is finally being realized. This book provides a complete reference for the secure implementation of common operations that software developers often fail to do correctly.
One of the best things about this book is that it covers so many topics that are often left out of secure programming texts. It is in cookbook format which is really nice for quick reference as well as accommodating readers that have different levels of experience in this area. Both the problem and the solution are explained and real source code is provided leaving the reader with an understanding of the risks, and practical solutions that can be incorporated into their software projects.
The topics that impressed me most were: privilege separation, secure child process creation, executing external processes, safe file and string operations, random number generation, input validation, and the ways to safeguard against many types of attacks. There are also many good tips for safeguarding networked applications. For the more intensive apps, there is in-depth coverage of symmetric and public key crypto, key management, using OpenSSL, and dealing with X.509 certs (including validation techniques).
It's nice to see so much useful information related to secure software development packed into a single resource!
7 von 8 Kunden fanden die folgende Rezension hilfreich
3.0 von 5 Sternen A task-oriented reference guide 16. Oktober 2003
Von Ein Kunde - Veröffentlicht auf Amazon.com
Format:Taschenbuch
This well-written book covers a lot of topics that I have not read in other books.
Its strengths include:
--Good coverage of cryptography programming
--Task-oriented solutions to specific programming problems
--Easy to navigate "cookbook" style ("with recipes" as the authors call them)
However, some areas of improvement might be:
--Could use more coverage of important subjects (buffer overflows, etc.)
--spends a lot of space on narrower examples (like explaining certain APIs that are documented well online)
--Sometimes jumps into material without much background explanation (which was confusing for me)
It is probably not the first book you should read on the subject. This is more of a recipe guide that is useful if you get stuck on coding a particular topic that happens to be covered. The authors have done a good job of explaining what coverage they do and don't include.
7 von 8 Kunden fanden die folgende Rezension hilfreich
5.0 von 5 Sternen A valuable tool on the programmers bookshelf 16. September 2003
Von Dan W. - Veröffentlicht auf Amazon.com
Format:Taschenbuch
There are many books on how to write programs in C and C++, and many people learn to write programs from them. What few (if any) of them tell you is the safe way to develop programs. With the release of Secure Programming Cookbook there is now a wealth of knowledge on the subject in one handy tome.
The examples are clearly written and show clearly how the recipe will help in specific or general situations. There are a lot of solid discussion of input validation, environment handling, string handling, access controls, and cryptography. In fact there was more crypto discussion than I expected, but it's all very good and if not applicable today, hopefully it will be some day.
This book is jam packed with excellent examples and discussion of ways to prevent programs from doing bad, and most of the time unexpected or unplanned, things. The diligent C or C++ programmer should add this as yet another volume on the bookshelf tool chest that is next to their desk. Smart programmers will realize that having this book will only help them in the long run.
Waren diese Rezensionen hilfreich?   Wir wollen von Ihnen hören.
Kundenrezensionen suchen
Nur in den Rezensionen zu diesem Produkt suchen

Kunden diskutieren

Das Forum zu diesem Produkt
Diskussion Antworten Jüngster Beitrag
Noch keine Diskussionen

Fragen stellen, Meinungen austauschen, Einblicke gewinnen
Neue Diskussion starten
Thema:
Erster Beitrag:
Eingabe des Log-ins
 

Kundendiskussionen durchsuchen
Alle Amazon-Diskussionen durchsuchen
   


Ähnliche Artikel finden