Poised Solutions Library

Poised Solutions Tech Library

book review
secure coding in C and C++

 Poised Solutions

Secure Coding in C and C++ Book Review

IT Security
IT Library
Secure Coding in C and C++

Secure Coding in C and C++

Amazon UKAmazon USA
Secure Coding in C and C++
Author:
Robert C Seacord
Publisher:
Addison-Wesley
Published:
2006
Pages:
341

Secure Coding in C and C++

Secure Coding in C and C++ Chapters

Secure Coding in C and C++ Chapters
  1. Running with Scissors
    • Gauging the Threat
      • What is the Cost?
      • Who is the Threat?
      • Software Security
    • Security Concepts
      • Security Policy
      • Security Flaws
      • Vulnerabilities
      • Exploits
      • Mitigations
    • C and C++
      • A Brief History
      • What Is the Problem with C?
      • Legacy Code
      • Other Languages
    • Development Platforms
      • Operating Systems
      • Compilers
  2. Strings
    • String Characteristics
      • Strings in C++
    • Common String Manipulation Errors
      • Unbounded String Copies
      • Off-by-One Errors
      • Null-Termination Errors
      • String Truncation
      • String Errors without Functions
    • String Vulnerabilities
      • Security Flaw
      • Buffer Overflow
    • Process Memory Organization
      • Stack Management
    • Stack Smashing
    • Code Injection
    • Arc Injection
    • Mitigation Strategies
      • Prevention
      • String Streams
      • Detection and Recovery
    • Notable Vulnerabilities
      • Remote Login
      • Kerberos
      • Metamail
  3. Pointer Subterfuge
    • Data Locations
    • Function Pointers
    • Data Pointers
    • Modifying the Instruction Pointer
    • Global Offset Table
    • The .dtors Section
    • Virtual Pointers
    • The atexit() and on_exit() Functions
    • The longjmp() Function
    • Exception Handling
      • Structured Exception Handling
      • System Default Exception Handling
    • Mitigation Strategies
      • W^X
      • Canaries
  4. Dynamic Memory Management
    • Dynamic Memory Management
    • Common Dynamic Memory Management Errors
      • Initialization
      • Failing to Check Return Values
      • Referencing Freed Memory
      • Freeing Memory Multiple Times
      • Improperly Paired Memory Management Functions
      • Failure to Distinguish Scalars and Arrays
      • Improper Use of Allocation Functions
    • Doug Lea's Memory Allocator
      • Memory Management
      • Buffer Overflows
      • Double-Free Vulnerabilities
      • Writing to Freed Memory
    • RtlHeap
      • Memory Management in Win32
      • RtlHeap Data Structures
      • Buffer Overflows
      • Buffer Overflows (Redux)
      • Writing to Freed Memory
      • Double-Free
      • Look-Aside Table
    • Mitigation Strategies
      • Null Pointers
      • Consistent Memory Management Conventions
      • Heap Integrity Detection
      • phkmalloc
      • Randomization
      • Guard Pages
      • OpenBSD
      • Runtime Analysis Tools
      • Windows XP SP2
    • Notable Vulnerabilities
      • CVS Buffer Overflow Vulnerability
      • Microsoft Data Access Components (MDAC)
      • CVS Server Double-Free
      • Vulnerabilities in MIT Kerberos 5
  5. Integer Security
    • Integers
      • Integer Representation
      • Integer Types
      • Integer Ranges
    • Integer Conversions
      • Integer Promotions
      • Integer Conversion Rank
      • Conversions from Unsigned Integer Types
      • Conversions from Signed Integer Types
      • Signed or Unsigned Characters
      • Usual Arithmetic Conversions
    • Integer Error Conditions
      • Integer Overflow
      • Sign Errors
      • Truncation Errors
    • Integer Operations
      • Addition
      • Subtraction
      • Multiplication
      • Division
    • Vulnerabilities
      • Integer Overflows
      • Sign Errors
      • Truncation Errors
    • Nonexceptional Integer Logic Errors
    • Mitigation Strategies
      • Range Checking
      • Strong Typing
      • Compiler Checks
      • Safe Integer Operations
      • Arbitrary Precision Arithmetic
      • Testing
      • Source Code Audit
    • Notable Vulnerabilities
      • XDR Library
      • Window DirectX MIDI Library
      • Bash
  6. Formatted Output
    • Variadic Functions
      • ANSI C Standard Arguments
      • UNIX System V Varargs
    • Formatted Output Functions
      • Format Strings
      • GCC
      • Visual C++ .NET
    • Exploiting Formatted Output Functions
      • Buffer Overflows
      • Output Streams
      • Crashing a Program
      • Viewing Stack Content
      • Viewing Memory Content
      • Overwriting Memory
      • Internationalization
    • Stack Randomization
      • Thwarting Stack Randomization
      • Writing Addresses in Two Words
      • Direct Argument Access
    • Mitigation Strategies
      • Dynamic Use of Static Content
      • Restricting Bytes Written
      • ISO/IEC TR 24731
      • iostream versus stdio
      • Testing
      • Compiler Checks
      • Lexical Analysis
      • Static Taint Analysis
      • Modifying the Variadic Function Implementation
      • Exec Shield
      • FormatGuard
      • Libsafe
      • Static Binary Analysis
    • Notable Vulnerabilities
      • Washington University FTP Daemon
      • CDE ToolTalk
  7. File I/O
    • Concurrency
      • Race Conditions
      • Mutual Exclusion and Deadlock
    • Time of Check, Time of Use
    • Files as Locks and File Locking
    • File System Exploits
      • Symbolic Linking Exploits
      • Temporary File Open Exploits
      • unlink() Race Exploit
      • Trusted Filenames
      • Nonunique Temp File Names
    • Mitigation Strategies
      • Closing the Race Window
      • Eliminating the Race Object
      • Controlling Access to the Race Object
      • Race Detection Tools
  8. Recommended Practices
    • Secure Software Development Principles
      • Economy of Mechanism
      • Fail-Safe Defaults
      • Complete Mediation
      • Open Design
      • Separation of Privilege
      • Least Privilege
      • Least Common Mechanism
      • Psychological Acceptability
    • System Quality Requirements Engineering
    • Threat Modeling
    • Use/Misuse Cases
    • Architecture and Design
    • Off-the-Shelf Software
      • Vulnerabilities in Existing Code
      • Secure Wrappers
    • Compiler Checks
    • Input Validation
    • Data Sanitization
      • Black Listing
      • White Listing
      • Testing
    • Static Analysis
      • Fortify
      • Prexis
      • Prevent
      • PREfix and PREfast
    • Quality Assurance
      • Penetration Testing
      • Fuzz Testing
      • Code Audits
      • Developer Guidelines and Checklists
      • Independent Security Review
    • Memory Permissions
      • W^X
      • PaX
      • Data Execution Prevention
    • Defense in Depth
    • TSP-Secure
      • Planning and Tracking
      • Quality Management
Secure Coding in C and C++ Appendices
  1. References
  2. Acronyms
  3. Index
Hardening
Hardening Linux

Hardening Linux

Security Engineering

Security Engineering

Security Warrior

Security Warrior

Linux Firewalls

Linux Firewalls

Network Security Bible

Network Security Bible

Secure Coding in C and C++

Secure Coding in C and C++

Linux Network Security

Linux Network Security

Compilers Principles Techniques and Tools

Compilers Principles Techniques and Tools

Firewalls and Internet Security

Firewalls and Internet Security

Network Security Assessment

Network Security Assessment

File System Forensic Analysis

File System Forensic Analysis

Beautiful Security

Beautiful Security

Secrets and Lies Digital Security in a Networked World

Secrets and Lies Digital Security in a Networked World

Linux Security Toolkit

Linux Security Toolkit

Secure Coding

Secure Coding

Secure Architectures with OpenBSD

Secure Architectures with OpenBSD

Schneier on Security

Schneier on Security

Incident Response

Incident Response

Apache Security

Apache Security

Network Security Hacks

Network Security Hacks

Beyond Fear

Beyond Fear

Information Technology Law

Information Technology Law

Learning NAGIOS 3.0

Learning NAGIOS 3.0

Linux iptables Pocket Reference

Linux iptables Pocket Reference

Oracle Security

Oracle Security

Silence on the Wire

Silence on the Wire

Absolute BSD

Absolute BSD

The Rootkit Arsenal

The Rootkit Arsenal

Viruses Revealed

Viruses Revealed

TCP/IP Network Administration

TCP/IP Network Administration

Aggressive Network Self Defense

Aggressive Network Self Defense

Teach Yourself SQL

Teach Yourself SQL

The Art of War

The Art of War

The Book of Five Rings

The Book of Five Rings

Firefox Hacks

Firefox Hacks

LPIC 1

LPIC 1

Hacking Exposed

Hacking Exposed

Thank You for Arguing

Thank You for Arguing

Poised Solutions Library
Programming Books  |  Administration Books  |  Cyber Security Books
Computer Science Books  |  Electronic Books  |  Literature Books

Cyber Security Hardening  |  Cyber Security Monitoring
Cyber Security Encryption  |  Cyber Security Penetration

© Poised Solutions Copyright 2008 - 2009

Poised Solutions Web Development and Web Design by Poised Solutions IT Practice

Guild of Developers  •  PantheonOS  •  Cyber Security