Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication,...
by John Viega and Matt Messier
Sales Rank: 188049
Discount: 11 %
$27.99
At Amazon

Paperback: 790 pages
Publisher: O'Reilly Media, Inc. July 14, 2003
Language: English
ISBN-10: 0596003943
ISBN-13: 978-0596003944
Product Dimensions: 9 x 6.9 x 1.5 inches
Shipping Weight: 2.4 pounds
Book Description
Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments.

Readers will learn:
- How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
- How to properly SSL-enable applications
- How to create secure channels for client-server communication without SSL
- How to integrate Public Key Infrastructure (PKI) into applications
- Best practices for using cryptography properly
- Techniques and strategies for properly validating input to programs
- How to launch programs securely
- How to use file access mechanisms properly
- Techniques for protecting applications from reverse engineering
The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
About The Author
John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.
Customer Reviews & Comments
I hadn't anticipated the heavy amount of crypto-related chapters in this book. I honestly had only read about the input validation, avoiding overflows, and access control portions. It turns out it covers those areas plus a wide range of crypto-related code. It goes over the fundamentals of Symmetric Crypto in great detail, from simple base64 encoding to parallelizing encryption and decryption in arbitrary modes. All of the crypto-related portions of this book are very clear. I highly recommend this book if you are doing any kind of crypto, whether it's simply encrypting a password, a file, or setting up a socket-based secure communication tunnel. The Networking chapter is a very good reference section for creating SSL clients and servers, as well as using Kerberos or securing your connections to your database. There are almost 80 pages of information related to generating random numbers and data, from using /dev/random to gathering entropy from Mouse Events on Win32. The one chapter I didn't expect to see here that was quite good was Chapter 12, Anti-Tampering. This chapter goes over obfuscating your code, detecting binary modifications, disguising boolean values, etc. It even shows you how to detect SoftICE and other debuggers, which can be useful for attempting to block people from cracking your commercial software. Although, I believe all attempts end up being rather futile when someone is determined enough. This book really is a must for anyone who is programming. If not just for the basics of protecting yourself from overflows and validating input and environment variables, then definitely for the extremely well-written sections on crypto. This book has earned a permanent spot next to K&R and UNP on my desk.