
Secure coding in C and C++

✍ Scribed by Seacord, Robert C


Publisher: Addison-Wesley Professional
Year: 2013
Tongue: English
Leaves: 800
Series: SEI Series in Software Engineering
Edition: 2. ed
Category: Library


✦ Synopsis


Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not just today's. Drawing on the CERT's reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives.

Coverage includes technical detail on how to

- Improve the overall security of any C or C++ application
- Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
- Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
- Perform secure I/O, avoiding file system vulnerabilities
- Correctly use formatted output functions without introducing format-string vulnerabilities
- Avoid race conditions and other exploitable vulnerabilities while developing concurrent code

The second edition features

- Updates for C11 and C++11
- Significant revisions to chapters on strings, dynamic memory management, and integer security
- A new chapter on concurrency
- Access to the online secure coding course offered through Carnegie Mellon's Open Learning Initiative (OLI)

Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you're responsible for creating secure C or C++ software, or for keeping it safe, no other book offers you this much detailed, expert assistance.

✦ Table of Contents


Title Page
Copyright Page
Dedication Page
Contents
About Secure Coding in C and C++
Audience
Organization and Content
Acknowledgments
About the Author
Chapter 1. Running with Scissors
1.1. Gauging the Threat
1.2. Security Concepts
1.3. C and C++
1.4. Development Platforms
1.6. Further Reading
2.1. Character Strings
2.2. Common String Manipulation Errors
2.3. String Vulnerabilities and Exploits
2.4. Mitigation Strategies for Strings
2.5. String-Handling Functions
2.6. Runtime Protection Strategies
2.7. Notable Vulnerabilities
2.8. Summary
2.9. Further Reading
3.1. Data Locations
3.2. Function Pointers
3.3. Object Pointers
3.4. Modifying the Instruction Pointer
3.5. Global Offset Table
3.6. The .dtors Section
3.7. Virtual Pointers
3.8. The atexit() and on_exit() Functions
3.9. The longjmp() Function
3.10. Exception Handling
3.11. Mitigation Strategies
3.12. Summary
3.13. Further Reading
4.1. C Memory Management
4.2. Common C Memory Management Errors
4.3. C++ Dynamic Memory Management
4.4. Common C++ Memory Management Errors
4.5. Memory Managers
4.6. Doug Lea’s Memory Allocator
4.7. Double-Free Vulnerabilities
4.8. Mitigation Strategies
4.9. Notable Vulnerabilities
4.10. Summary
5.2. Integer Data Types
5.3. Integer Conversions
5.4. Integer Operations
5.5. Integer Vulnerabilities
5.6. Mitigation Strategies
5.7. Summary
Chapter 6. Formatted Output
6.1. Variadic Functions
6.2. Formatted Output Functions
6.3. Exploiting Formatted Output Functions
6.4. Stack Randomization
6.5. Mitigation Strategies
6.6. Notable Vulnerabilities
6.7. Summary
6.8. Further Reading
7.1. Multithreading
7.2. Parallelism
7.3. Performance Goals
7.4. Common Errors
7.5. Mitigation Strategies
7.6. Mitigation Pitfalls
7.7. Notable Vulnerabilities
7.8. Summary
8.1. File I/O Basics
8.2. File I/O Interfaces
8.3. Access Control
8.4. File Identification
8.5. Race Conditions
8.6. Mitigation Strategies
8.7. Summary
9.1. The Security Development Lifecycle
9.2. Security Training
9.3. Requirements
9.4. Design
9.5. Implementation
9.6. Verification
9.8. Further Reading
References
Acronyms
Index

✦ Subjects


Computer Science;Programming;Science;Computers;Programming Languages;Software;Technology


📜 SIMILAR VOLUMES


Secure Coding in C and C++
✍ Robert C. Seacord 📂 Library 📅 2013 🏛 Addison-Wesley Professional 🌐 English

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root caus

Secure coding in C and C++
✍ Seacord, Robert C 📂 Library 📅 2005;2008 🏛 Addison-Wesley Professional 🌐 English

"The security of information systems has not improved at a rate consistent with the growth and sophistication of the attacks being made against them. To address this problem, we must improve the underlying strategies and techniques used to create our systems. Specifically, we must build security in

Secure coding in C and C++
✍ Seacord, Robert C. 📂 Library 📅 2013 🏛 Addison-Wesley 🌐 English

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++,

Secure Coding in C and C++
✍ Robert C. Seacord 📂 Library 📅 2013 🏛 Addison-Wesley Professional 🌐 English

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root c

Secure Coding in C and C++
✍ Robert Seacord 📂 Library 📅 2013 🏛 Addison-Wesley Professional 🌐 English

Learn the root causes of software vulnerabilities and how to avoid them. Commonly exploited software vulnerabilities are caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number