Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
O'Reilly Media, Inc., Feb 9, 2009 - Computers - 792 pages

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering

The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
  

Contents

Safe Initialization
Access Control
Input Validation
Symmetric Cryptography Fundamentals
Symmetric Encryption
Hashes and Message Authentication
Public Key Cryptography
Authentication and Key Exchange
Networking
Public Key Infrastructure
Random Numbers
Anti-Tampering
Other Topics
Index
Copyright

About the author (2009)

John is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify). John is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds an MS and BA from the University of Virginia.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.