Secure Coding in C and C++,9780321335722

Secure Coding in C and C++

by
Edition: 1st
ISBN13: 9780321335722
ISBN10: 0321335724
Format: Paperback
Pub. Date: 2005-09-09
Publisher(s): Addison-Wesley Professional
Upgraded Edition: Click here!
List Price: $58.84

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Buy from our Marketplace starting at $8.11

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

A code companion developers will turn to again and again as they seek to protect their systems from attackers.

Author Biography

Robert Seacord began programming (professionally) for IBM in 1982 and has been programming in C since 1985, and in C++ since 1992. Robert is currently a Senior Vulnerability Analyst with the CERT/Coordination Center at the Software Engineering Institute (SEI). He is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003). The CERT/CC, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure.



Table of Contents

Foreword xiii
Preface xvii
About the Author xxiii
Chapter 1 Running with Scissors 1(24)
1.1 Gauging the Threat
4(6)
What Is the Cost?
5(1)
Who Is the Threat?
6(3)
Software Security
9(1)
1.2 Security Concepts
10(6)
Security Policy
12(1)
Security Flaws
12(1)
Vulnerabilities
13(1)
Exploits
14(1)
Mitigations
15(1)
1.3 C and C++
16(3)
A Brief History
16(1)
What Is the Problem with C?
17(1)
Legacy Code
18(1)
Other Languages
19(1)
1.4 Development Platforms
19(4)
Operating Systems
20(1)
Compilers
21(2)
1.5 Summary
23(1)
1.6 Further Reading
24(1)
Chapter 2 Strings 25(52)
2.1 String Characteristics
25(2)
Strings in C++
26(1)
2.2 Common String Manipulation Errors
27(6)
Unbounded String Copies
27(2)
Off-by-One Errors
29(2)
Null-Termination Errors
31(1)
String Truncation
32(1)
String Errors without Functions
32(1)
2.3 String Vulnerabilities
33(3)
Security Flaw
34(1)
Buffer Overflows
35(1)
2.4 Process Memory Organization
36(4)
Stack Management
37(3)
2.5 Stack Smashing
40(4)
2.6 Code Injection
44(4)
2.7 Arc Injection
48(3)
2.8 Mitigation Strategies
51(21)
Prevention
51(13)
String Streams
64(3)
Detection and Recovery
67(5)
2.9 Notable Vulnerabilities
72(2)
Remote Login
72(1)
Kerberos
72(1)
Metamail
73(1)
2.10 Summary
74(1)
2.11 Further Reading
75(2)
Chapter 3 Pointer Subterfuge 77(20)
3.1 Data Locations
78(1)
3.2 Function Pointers
78(2)
3.3 Data Pointers
80(1)
3.4 Modifying the Instruction Pointer
81(2)
3.5 Global Offset Table
83(1)
3.6 The .dtors Section
84(3)
3.7 Virtual Pointers
87(1)
3.8 The atexit() and on_exit() Functions
88(2)
3.9 The longjmp() Function
90(2)
3.10 Exception Handling
92(3)
Structured Exception Handling
92(2)
System Default Exception Handling
94(1)
3.11 Mitigation Strategies
95(1)
W^X
95(1)
Canaries
95(1)
3.12 Summary
96(1)
3.13 Further Reading
96(1)
Chapter 4 Dynamic Memory Management 97(54)
4.1 Dynamic Memory Management
98(2)
4.2 Common Dynamic Memory Management Errors
100(7)
Initialization
100(2)
Failing to Check Return Values
102(2)
Referencing Freed Memory
104(1)
Freeing Memory Multiple Times
104(2)
Improperly Paired Memory Management Functions
106(1)
Failure to Distinguish Scalars and Arrays
106(1)
Improper Use of Allocation Functions
107(1)
4.3 Doug Lea's Memory Allocator
107(13)
Memory Management
108(3)
Buffer Overflows
111(6)
Double-Free Vulnerabilities
117(3)
Writing to Freed Memory
120(1)
4.4 RtlHeap
120(18)
Memory Management in Win32
120(3)
RtlHeap Data Structures
123(3)
Buffer Overflows
126(3)
Buffer Overflows (Redux)
129(4)
Writing to Freed Memory
133(1)
Double-Free
134(3)
Look-Aside Table
137(1)
4.5 Mitigation Strategies
138(8)
Null Pointers
138(1)
Consistent Memory Management Conventions
138(1)
Heap Integrity Detection
139(1)
phkmalloc
140(1)
Randomization
141(1)
Guard Pages
142(1)
OpenBSD
142(1)
Runtime Analysis Tools
143(2)
Windows XP SP2
145(1)
4.6 Notable Vulnerabilities
146(3)
CVS Buffer Overflow Vulnerability
147(1)
Microsoft Data Access Components (MDAC)
147(1)
CVS Server Double-Free
148(1)
Vulnerabilities in MIT Kerberos 5
149(1)
4.7 Summary
149(1)
4.8 Further Reading
149(2)
Chapter 5 Integer Security 151(52)
5.1 Integers
152(7)
Integer Representation
152(1)
Integer Types
153(4)
Integer Ranges
157(2)
5.2 Integer Conversions
159(5)
Integer Promotions
159(1)
Integer Conversion Rank
160(1)
Conversions From Unsigned Integer Types
161(1)
Conversions From Signed Integer Types
161(1)
Signed or Unsigned Characters
162(2)
Usual Arithmetic Conversions
164(1)
5.3 Integer Error Conditions
164(3)
Integer Overflow
164(2)
Sign Errors
166(1)
Truncation Errors
167(1)
5.4 Integer Operations
167(14)
Addition
169(3)
Subtraction
172(2)
Multiplication
174(3)
Division
177(4)
5.5 Vulnerabilities
181(5)
Integer Overflow
182(1)
Sign Errors
183(1)
Truncation Errors
184(2)
5.6 Nonexceptional Integer Logic Errors
186(1)
5.7 Mitigation Strategies
187(10)
Range Checking
188(1)
Strong Typing
189(1)
Compiler-Generated Runtime Checks
190(1)
Safe Integer Operations
191(5)
Arbitrary Precision Arithmetic
196(1)
Testing
196(1)
Source Code Audit
197(1)
5.8 Notable Vulnerabilities
197(3)
XDR Library
197(1)
Windows DirectX MIDI Library
198(1)
Bash
199(1)
5.9 Summary
200(1)
5.10 Further Reading
201(2)
Chapter 6 Formatted Output 203(44)
6.1 Variadic Functions
204(4)
ANSI C Standard Arguments
205(3)
UNIX System V Varargs
208(1)
6.2 Formatted Output Functions
208(5)
Format Strings
209(2)
GCC
211(1)
Visual C++ .NET
212(1)
6.3 Exploiting Formatted Output Functions
213(12)
Buffer Overflow
214(1)
Output Streams
215(1)
Crashing a Program
216(1)
Viewing Stack Content
216(2)
Viewing Memory Content
218(2)
Overwriting Memory
220(4)
Internationalization
224(1)
6.4 Stack Randomization
225(6)
Thwarting Stack Randomization
226(1)
Writing Addresses in Two Words
227(1)
Direct Argument Access
227(4)
6.5 Mitigation Strategies
231(11)
Dynamic Use of Static Content
231(1)
Restricting Bytes Written
232(1)
ISO/IEC TR 24731
233(1)
iostream versus stdio
234(1)
Testing
234(2)
Compiler Checks
236(1)
Lexical Analysis
236(1)
Static Taint Analysis
237(1)
Modifying the Variadic Function Implementation
237(2)
Exec Shield
239(1)
FormatGuard
240(1)
Libsafe
241(1)
Static Binary Analysis
241(1)
6.6 Notable Vulnerabilities
242(1)
Washington University FTP Daemon
242(1)
CDE ToolTalk
243(1)
6.7 Summary
243(2)
6.8 Further Reading
245(2)
Chapter 7 File I/O 247(28)
7.1 Concurrency
247(3)
Race Conditions
248(1)
Mutual Exclusion and Deadlock
248(2)
7.2 Time of Check, Time of Use
250(2)
7.3 Files as Locks and File Locking
252(2)
7.4 File System Exploits
254(8)
Symbolic Linking Exploits
255(2)
Temporary File Open Exploits
257(3)
unlink() Race Exploit
260(1)
Trusted Filenames
261(1)
Nonunique Temp File Names
261(1)
7.5 Mitigation Strategies
262(10)
Closing the Race Window
262(4)
Eliminating the Race Object
266(3)
Controlling Access to the Race Object
269(2)
Race Detection Tools
271(1)
7.6 Summary
272(3)
Chapter 8 Recommended Practices 275(34)
8.1 Secure Software Development Principles
277(5)
Economy of Mechanism
278(1)
Fail-Safe Defaults
278(1)
Complete Mediation
278(1)
Open Design
279(1)
Separation of Privilege
279(1)
Least Privilege
279(2)
Least Common Mechanism
281(1)
Psychological Acceptability
281(1)
8.2 Systems Quality Requirements Engineering
282(1)
8.3 Threat Modeling
283(1)
8.4 Use/Misuse Cases
284(2)
8.5 Architecture and Design
286(2)
8.6 Off-the-Shelf Software
288(2)
Vulnerabilities in Existing Code
288(1)
Secure Wrappers
289(1)
8.7 Compiler Checks
290(1)
8.8 Input Validation
291(1)
8.9 Data Sanitization
292(3)
Black Listing
293(1)
White Listing
294(1)
Testing
294(1)
8.10 Static Analysis
295(3)
Fortify
296(1)
Prexis
297(1)
Prevent
297(1)
PREfix and PREfast
298(1)
8.11 Quality Assurance
298(4)
Penetration Testing
299(1)
Fuzz Testing
299(1)
Code Audits
300(1)
Developer Guidelines and Checklists
300(1)
Independent Security Review
301(1)
8.12 Memory Permissions
302(2)
W^X
302(1)
PaX
303(1)
Data Execution Prevention
303(1)
8.13 Defense in Depth
304(1)
8.14 TSP-Secure
304(3)
Planning and Tracking
305(1)
Quality Management
306(1)
8.15 Summary
307(1)
8.16 Further Reading
308(1)
References 309(14)
Acronyms 323(6)
Index 329

Excerpts

The CERT Coordination Centerreg; (CERT/CC) was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the Morris worm incident, which brought 10 percent of Internet systems to a halt in November 1988. The CERT/CC is located in Pittsburgh, Pennsylvania, at the Software Engineering Institute (SEI), a federally funded research and development center sponsored by the U.S. Department of Defense.The initial focus of the CERT/CC was incident response and analysis. Incidents include successful attacks such as compromises and denial of service, as well as attack attempts, probes, and scans. Since 1988, the CERT/CC has received more than 22,665 hotline calls reporting computer security incidents or requesting information, and has handled more than 319,992 computer security incidents. The number of incidents reported each year continues to grow.Responding to incidents, while necessary, is insufficient to secure the Internet and interconnected information systems. Analysis indicates that the majority of incidents are caused by trojans, social engineering, and the exploitation of software vulnerabilities, including software defects, design decisions, configuration decisions, and unexpected interactions between systems. The CERT/CC monitors public sources of vulnerability information and regularly receives reports of vulnerabilities. Since 1995, more than 16,726 vulnerabilities have been reported. When a report is received, the CERT/CC analyzes the potential vulnerability and works with technology producers to inform them of security deficiencies in their products and to facilitate and track their response to those problems. Similar to incident reports, vulnerability reports continue to grow at an alarming rate. While managing vulnerabilities pushes the process upstream, it is again insufficient to address the issues of Internet and information system security. To address the growing number of both vulnerabilities and incidents, it is increasingly apparent that the problem must be attacked at the source by working to prevent the introduction of software vulnerabilities during software development and ongoing maintenance. Analysis of existing vulnerabilities indicates that a relatively small number of root causes account for the majority of vulnerabilities. The goal of this book is to educate developers about these root causes and the steps that can be taken so that vulnerabilities are not introduced. AudienceSecure Coding in C and C++ should be useful to anyone involved in the development or maintenance of software in C and C++. For a C/C++ programmer, this book will teach you how to identify common programming errors that result in software vulnerabilities, understand how these errors are exploited, and implement a solution in a secure fashion. For a software project manager, this book identifies the risks and consequences of software vulnerabilities to guide investments in developing secure software. For a computer science student, this book will teach you programming practices that will help you to avoid developing bad habits and enable you to develop secure programs during your professional career. For a security analyst, this book provides a detailed description of common vulnerabilities, identifies ways to detect these vulnerabilities, and offers practical avoidance strategies. Organization and ContentSecure Coding in C and C++ provides practical guidance on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This book provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The book concentrates on security issues int

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.