Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and Macs, authentication and key exchange, Pki, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix (including Linux) and Windows environments. Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly Ssl-enable applications How to create secure channels for client-server communication without Ssl How to integrate Public Key Infrastructure (Pki) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an e
Bought it for one reason but ended up using it.
By "lucincia" - October 16, 2003
To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my... read more
Voluminous and comprehensive
By W Boudville - August 17, 2003
If you are interested in encryption, you should probably get Bruce Schneier's Applied Cryptography, which is generally considered the standard summary of the field. But suppose you actually want to use some of the symmetric key or public key methods he describes? If you want to code from scratch, his book is a good starting point. But if you want to quickly avail yourself of the best existing methods and you don't want to reinvent the wheel by recoding? Also, it can be risky to do that. A mistake made in coding a crypto algorithm might render it insecure. Better to use reviewed, tested code.If this describes your needs and you code in C or C++, then this book will be invaluable. Extensive code fragments that show how you can interface to existing crypto packages. Very detailed. You won't find theorems or any elegant maths here. No Chinese Remainder Theorem or Fermat's theorems. You have to already know or accept the theoretical underpinnings. Given this, the book takes you into... read more
best o'reilly book I've ever purchased
By Brian Wotring - August 8, 2003
If you develop software, any kind of software, you need this book.The importance of understanding the security surrounding the development of software is finally being realized. This book provides a complete reference for the secure implementation of common operations that software developers often fail to do correctly.One of the best things about this book is that it covers so many topics that are often left out of secure programming texts. It is in cookbook format which is really nice for quick reference as well as accommodating readers that have different levels of experience in this area. Both the problem and the solution are explained and real source code is provided leaving the reader with an understanding of the risks, and practical solutions that can be incorporated into their software projects.The topics that impressed me most were: privilege separation, secure child process creation, executing external processes, safe file and string operations, random number... read more
In homes around the country, parents are fighting a difficult battle: trying to get their picky eaters to eat healthy foods without ruining family mealtime. We all know that it is critical for kids ...