Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

"O'Reilly Media, Inc.", Jul 14, 2003 - Computers - 792 pages

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering

The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
  



About the author (2003)

John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus on source- and assembly-level debugging techniques and operating system concepts.
