Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More (Paperback)

John Viega, Matt Messier

  • 出版商: O'Reilly
  • 出版日期: 2003-08-19
  • 定價: $2,625
  • 售價: 9.5$2,494
  • 語言: 英文
  • 頁數: 792
  • 裝訂: Paperback
  • ISBN: 0596003943
  • ISBN-13: 9780596003944
  • 相關分類: C 程式語言C++ 程式語言資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering
The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

商品描述(中文翻譯)

「密碼竊聽、偽造、緩衝區溢位和阻斷服務攻擊:這些只是當今電腦系統和網絡所面臨的攻擊中的一部分。這個流行病的根源在於編寫不良、測試不足和不安全的代碼,這使得每個人都處於風險之中。顯然,當今的開發人員需要幫助,以找出如何編寫攻擊者無法利用的代碼。但是,編寫這樣的代碼卻出奇地困難。

《C和C++安全編程食譜》是一個對於認真編寫安全代碼的開發人員來說非常重要的新資源。它包含了大量解決那些關心應用程序安全的人所面臨問題的解決方案。它涵蓋了各種主題,包括安全初始化、訪問控制、輸入驗證、對稱和公鑰加密、加密哈希和MAC、身份驗證和密鑰交換、PKI、隨機數字和防篡改。書中提供的200多個配方中的豐富代碼示例將幫助程序員為Unix®(包括Linux®)和Windows®環境中編寫的C和C++程序提供安全保護。讀者將學到:

- 如何避免常見的編程錯誤,如緩衝區溢位、競態條件和格式字符串問題
- 如何正確啟用應用程序的SSL功能
- 如何在沒有SSL的情況下創建客戶端-服務器通信的安全通道
- 如何將公鑰基礎設施(PKI)集成到應用程序中
- 正確使用加密的最佳實踐
- 正確驗證程序輸入的技術和策略
- 如何安全地啟動程序
- 如何正確使用文件訪問機制
- 保護應用程序免受逆向工程的技術

該書的網站通過提供一個地方來發布新的配方,包括使用Perl、Java和Python等其他語言編寫的配方,來補充該書。每月的獎品將獎勵讀者提交的最佳配方。

《C和C++安全編程食譜》注定成為任何開發人員圖書館中不可或缺的一部分,開發人員將一次又一次地求助於它,以保護他們的系統免受攻擊者的侵害,減少他們在當今危險世界中面臨的風險。」