Password sniffing, spoofing, buffer overflows, and denial of service:
these are only a few of the attacks on today's computer systems and
networks. At the root of this epidemic is poorly written, poorly tested,
and insecure code that puts everyone at risk. Clearly, today's
developers need help figuring out how to write code that attackers won't
be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource
for developers serious about writing secure code. It contains a wealth
of solutions to problems faced by those who care about the security of
their applications. It covers a wide range of topics, including safe
initialization, access control, input validation, symmetric and public
key cryptography, cryptographic hashes and MACs, authentication and key
exchange, PKI, random numbers, and anti-tampering. The rich set of code
samples provided in the book's more than 200 recipes will help
programmers secure the C and C++ programs they write for both Unix®
(including Linux®) and Windows® environments. Readers will learn:
- How to avoid common programming errors, such as buffer overflows, race
conditions, and format string problems
- How to properly SSL-enable applications
- How to create secure channels for client-server communication without
SSL
- How to integrate Public Key Infrastructure (PKI) into applications
- Best practices for using cryptography properly
- Techniques and strategies for properly validating input to programs
- How to launch programs securely
- How to use file access mechanisms properly
- Techniques for protecting applications from reverse engineering

The book's web site supplements the book by providing a place to post
new recipes, including those written in additional languages like Perl,
Java, and Python. Monthly prizes will reward the best recipes submitted
by readers.

Secure Programming Cookbook for C and C++ is destined to become an
essential part of any developer's library, a code companion developers
will turn to again and again as they seek to protect their systems from
attackers and reduce the risks they face in today's dangerous world.