Secure Programming Cookbook for C and C++

Secure Programming Cookbook for C and C++

Author: John Viega

Publisher: "O'Reilly Media, Inc."

Published: 2003-07-14

Total Pages: 792

ISBN-13: 0596552181

DOWNLOAD EBOOK

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly SSL-enable applications How to create secure channels for client-server communication without SSL How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.


The CERT Oracle Secure Coding Standard for Java

The CERT Oracle Secure Coding Standard for Java

Author: Fred Long

Publisher: Addison-Wesley Professional

Published: 2012

Total Pages: 739

ISBN-13: 0321803957

DOWNLOAD EBOOK

"In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure(R) Coding(R) Standard for Java(TM) is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff." --James A. Gosling, Father of the Java Programming Language An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes). The CERT(R) Oracle(R) Secure Coding Standard for Java(TM) provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard's guidelines will lead to higher-quality systems-robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java-for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics. After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation. The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java's APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.


Extreme C

Extreme C

Author: Kamran Amini

Publisher: Packt Publishing Ltd

Published: 2019-10-31

Total Pages: 823

ISBN-13: 1789341353

DOWNLOAD EBOOK

Push the limits of what C - and you - can do, with this high-intensity guide to the most advanced capabilities of C Key FeaturesMake the most of C’s low-level control, flexibility, and high performanceA comprehensive guide to C’s most powerful and challenging featuresA thought-provoking guide packed with hands-on exercises and examplesBook Description There’s a lot more to C than knowing the language syntax. The industry looks for developers with a rigorous, scientific understanding of the principles and practices. Extreme C will teach you to use C’s advanced low-level power to write effective, efficient systems. This intensive, practical guide will help you become an expert C programmer. Building on your existing C knowledge, you will master preprocessor directives, macros, conditional compilation, pointers, and much more. You will gain new insight into algorithm design, functions, and structures. You will discover how C helps you squeeze maximum performance out of critical, resource-constrained applications. C still plays a critical role in 21st-century programming, remaining the core language for precision engineering, aviations, space research, and more. This book shows how C works with Unix, how to implement OO principles in C, and fully covers multi-processing. In Extreme C, Amini encourages you to think, question, apply, and experiment for yourself. The book is essential for anybody who wants to take their C to the next level. What you will learnBuild advanced C knowledge on strong foundations, rooted in first principlesUnderstand memory structures and compilation pipeline and how they work, and how to make most out of themApply object-oriented design principles to your procedural C codeWrite low-level code that’s close to the hardware and squeezes maximum performance out of a computer systemMaster concurrency, multithreading, multi-processing, and integration with other languagesUnit Testing and debugging, build systems, and inter-process communication for C programmingWho this book is for Extreme C is for C programmers who want to dig deep into the language and its capabilities. It will help you make the most of the low-level control C gives you.


Secure Programming with Static Analysis

Secure Programming with Static Analysis

Author: Brian Chess

Publisher: Pearson Education

Published: 2007-06-29

Total Pages: 1101

ISBN-13: 0132702029

DOWNLOAD EBOOK

The First Expert Guide to Static Analysis for Software Security! Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.


Secure Coding

Secure Coding

Author: Mark Graff

Publisher: "O'Reilly Media, Inc."

Published: 2003

Total Pages: 224

ISBN-13: 0596002424

DOWNLOAD EBOOK

The authors look at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle: Architecture, Design, Implementation, Testing and Operations. Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past.


Checking C Programs with Lint

Checking C Programs with Lint

Author: Ian F. Darwin

Publisher: "O'Reilly Media, Inc."

Published: 1988

Total Pages: 94

ISBN-13: 9780937175309

DOWNLOAD EBOOK

Using lint. Dealing with lint's concerns. Using lint in detail. Limits to lint. Under the hood. An evaluation of lint. Future directions. Appendixes. Bibliography. Index.


C# 7 and .NET Core Cookbook

C# 7 and .NET Core Cookbook

Author: Dirk Strauss

Publisher: Packt Publishing Ltd

Published: 2017-04-25

Total Pages: 614

ISBN-13: 1787289206

DOWNLOAD EBOOK

Quick solutions to common programming problems with the latest features of C# 7.0, .NET Core 1.1, and Visual Studio 2017 About This Book Easy-to-follow recipes to get you up-and-running with the new features of C# 7 and .NET Core 1.1 Practical solutions to assist you with microservices and serverless computing in C# Explore the new Visual Studio environment and write more secure code in it Who This Book Is For The book will appeal to C# and .NET developers who have a basic familiarity with C# and the Visual Studio 2015 environment What You Will Learn Writing better and less code to achieve the same result as in previous versions of C# Working with analyzers in Visual Studio Working with files, streams, and serialization Writing high-performant code in C# and understanding multi-threading Demystifying the Rx library using Reactive extensions Exploring .Net Core 1.1 and ASP.NET MVC Securing your applications and learning new debugging techniques Designing and building a microservice architecture Using Azure and AWS for serverless computing with C# In Detail C# has recently been open-sourced and C# 7 comes with a host of new features for building powerful, cross-platform applications. This book will be your solution to some common programming problems that you come across with C# and will also help you get started with .NET Core 1.1. Through a recipe-based approach, this book will help you overcome common programming challenges and get your applications ready to face the modern world. We start by running you through new features in C# 7, such as tuples, pattern matching, and so on, giving you hands-on experience with them. Moving forward, you will work with generics and the OOP features in C#. You will then move on to more advanced topics, such as reactive extensions, Regex, code analyzers, and asynchronous programming. This book will also cover new, cross-platform .NET Core 1.1 features and teach you how to utilize .NET Core on macOS. Then, we will explore microservices as well as serverless computing and how these benefit modern developers. Finally, you will learn what you can do with Visual Studio 2017 to put mobile application development across multiple platforms within the reach of any developer. Style and approach A unique recipe-based guide that will help you gain a solid understanding of the new concepts in C# 7.0 and Visual Studio 2017


C++17 STL Cookbook

C++17 STL Cookbook

Author: Jacek Galowicz

Publisher: Packt Publishing Ltd

Published: 2017-06-28

Total Pages: 523

ISBN-13: 1787121763

DOWNLOAD EBOOK

Over 90 recipes that leverage the powerful features of the Standard Library in C++17 About This Book Learn the latest features of C++ and how to write better code by using the Standard Library (STL). Reduce the development time for your applications. Understand the scope and power of STL features to deal with real-world problems. Compose your own algorithms without forfeiting the simplicity and elegance of the STL way. Who This Book Is For This book is for intermediate-to-advanced C++ programmers who want to get the most out of the Standard Template Library of the newest version of C++: C++ 17. What You Will Learn Learn about the new core language features and the problems they were intended to solve Understand the inner workings and requirements of iterators by implementing them Explore algorithms, functional programming style, and lambda expressions Leverage the rich, portable, fast, and well-tested set of well-designed algorithms provided in the STL Work with strings the STL way instead of handcrafting C-style code Understand standard support classes for concurrency and synchronization, and how to put them to work Use the filesystem library addition available with the C++17 STL In Detail C++ has come a long way and is in use in every area of the industry. Fast, efficient, and flexible, it is used to solve many problems. The upcoming version of C++ will see programmers change the way they code. If you want to grasp the practical usefulness of the C++17 STL in order to write smarter, fully portable code, then this book is for you. Beginning with new language features, this book will help you understand the language's mechanics and library features, and offers insight into how they work. Unlike other books, ours takes an implementation-specific, problem-solution approach that will help you quickly overcome hurdles. You will learn the core STL concepts, such as containers, algorithms, utility classes, lambda expressions, iterators, and more, while working on practical real-world recipes. These recipes will help you get the most from the STL and show you how to program in a better way. By the end of the book, you will be up to date with the latest C++17 features and save time and effort while solving tasks elegantly using the STL. Style and approach This recipe-based guide will show you how to make the best use of C++ together with the STL to squeeze more out of the standard language


C++ System Programming Cookbook

C++ System Programming Cookbook

Author: Onorato Vaticone

Publisher: Packt Publishing Ltd

Published: 2020-02-21

Total Pages: 279

ISBN-13: 1838648755

DOWNLOAD EBOOK

A problem-solution-based guide to help you overcome hurdles effectively while working with kernel APIs, filesystems, networks, threads, and process communications Key FeaturesLearn to apply the latest C++ features (from C++11, 14, 17, and 20) to facilitate systems programmingCreate robust and concurrent systems that make the most of the available hardware resourcesDelve into C++ inbuilt libraries and frameworks to design robust systems as per your business needsBook Description C++ is the preferred language for system programming due to its efficient low-level computation, data abstraction, and object-oriented features. System programming is about designing and writing computer programs that interact closely with the underlying operating system and allow computer hardware to interface with the programmer and the user. The C++ System Programming Cookbook will serve as a reference for developers who want to have ready-to-use solutions for the essential aspects of system programming using the latest C++ standards wherever possible. This C++ book starts out by giving you an overview of system programming and refreshing your C++ knowledge. Moving ahead, you will learn how to deal with threads and processes, before going on to discover recipes for how to manage memory. The concluding chapters will then help you understand how processes communicate and how to interact with the console (console I/O). Finally, you will learn how to deal with time interfaces, signals, and CPU scheduling. By the end of the book, you will become adept at developing robust systems applications using C++. What you will learnGet up to speed with the fundamentals including makefile, man pages, compilation, and linking and debuggingUnderstand how to deal with time interfaces, signals, and CPU schedulingDevelop your knowledge of memory managementUse processes and threads for advanced synchronizations (mutexes and condition variables)Understand interprocess communications (IPC): pipes, FIFOs, message queues, shared memory, and TCP and UDPDiscover how to interact with the console (console I/O)Who this book is for This book is for C++ developers who want to gain practical knowledge of systems programming. Though no experience of Linux system programming is assumed, intermediate knowledge of C++ is necessary.


Embedded Programming with Modern C++ Cookbook

Embedded Programming with Modern C++ Cookbook

Author: Igor Viarheichyk

Publisher: Packt Publishing Ltd

Published: 2020-04-17

Total Pages: 399

ISBN-13: 1838823204

DOWNLOAD EBOOK

Explore various constraints and challenges that embedded developers encounter in their daily tasks and learn how to build effective programs using the latest standards of C++ Key FeaturesGet hands-on experience in developing a sample application for an embedded Linux-based systemExplore advanced topics such as concurrency, real-time operating system (RTOS), and C++ utilitiesLearn how to test and debug your embedded applications using logs and profiling toolsBook Description Developing applications for embedded systems may seem like a daunting task as developers face challenges related to limited memory, high power consumption, and maintaining real-time responses. This book is a collection of practical examples to explain how to develop applications for embedded boards and overcome the challenges that you may encounter while developing. The book will start with an introduction to embedded systems and how to set up the development environment. By teaching you to build your first embedded application, the book will help you progress from the basics to more complex concepts, such as debugging, logging, and profiling. Moving ahead, you will learn how to use specialized memory and custom allocators. From here, you will delve into recipes that will teach you how to work with the C++ memory model, atomic variables, and synchronization. The book will then take you through recipes on inter-process communication, data serialization, and timers. Finally, you will cover topics such as error handling and guidelines for real-time systems and safety-critical systems. By the end of this book, you will have become proficient in building robust and secure embedded applications with C++. What you will learnGet to grips with the fundamentals of an embedded systemUnderstand how to optimize code for the targeted hardware platformsExplore cross-compilation, build types, and remote debuggingDiscover the importance of logging for debugging and root cause analysis of failuresUncover concepts such as interrupt service routine, memory model, and ring bufferRecognize the need for custom memory management in embedded systemsDelve into static code analyzers and tools to improve code qualityWho this book is for This book is for developers, electronic hardware professionals, and software and system-on-chip engineers who want to build effective embedded programs in C++. Familiarity with the C++ programming language is expected, but no previous knowledge of embedded systems is required.