Secure coding in C and C++ / (Record no. 2960)

MARC details
000 -LEADER
fixed length control field 08495cam a22002417a 4500
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 9780321822130 (pbk.)
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 0321822137 (pbk.)
040 ## - CATALOGING SOURCE
Transcribing agency CUS
082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 005.8
Item number SEA/S
100 1# - MAIN ENTRY--PERSONAL NAME
Personal name Seacord, Robert C.
245 10 - TITLE STATEMENT
Title Secure coding in C and C++ /
Statement of responsibility, etc. Robert C. Seacord ; [foreword by Richard D. Pethia].
246 3# - VARYING FORM OF TITLE
Title proper/short title Secure coding in C and C plus plus
250 ## - EDITION STATEMENT
Edition statement 2nd ed.
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT)
Place of publication, distribution, etc. Upper Saddle River, NJ :
Name of publisher, distributor, etc. Addison-Wesley,
Date of publication, distribution, etc. c2013.
300 ## - PHYSICAL DESCRIPTION
Extent xxvii, 569 p. :
Other physical details ill. ;
Dimensions 24 cm.
500 ## - GENERAL NOTE
General note "A CERT book"--Cover.
504 ## - BIBLIOGRAPHY, ETC. NOTE
Bibliography, etc Includes bibliographical references (p. 519-537) and index.
505 ## - FORMATTED CONTENTS NOTE
Formatted contents note
Chapter 1 Running with Scissors
  1.1 Gauging the Threat
    What Is the Cost?
    Who Is the Threat?
    Software Security
  1.2 Security Concepts
    Security Policy
    Security Flaws
    Vulnerabilities
    Exploits
    Mitigations
  1.3 C and C++
    A Brief History
    What Is the Problem with C?
    Legacy Code
    Other Languages
  1.4 Development Platforms
    Operating Systems
    Compilers
  1.5 Summary
  1.6 Further Reading
Chapter 2 Strings
  2.1 Character Strings
    String Data Type
    UTF-8
    Wide Strings
    String Literals
    Strings in C++
    Character Types
    Sizing Strings
  2.2 Common String Manipulation Errors
    Improperly Bounded String Copies
    Off-by-One Errors
    Null-Termination Errors
    String Truncation
    String Errors without Functions
  2.3 String Vulnerabilities and Exploits
    Tainted Data
    Security Flaw: IsPasswordOK
    Buffer Overflows
    Process Memory Organization
    Stack Management
    Stack Smashing
    Code Injection
    Arc Injection
    Return-Oriented Programming
  2.4 Mitigation Strategies for Strings
    String Handling
    C11 Annex K Bounds-Checking Interfaces
    Dynamic Allocation Functions
    C++ std::basic_string
    Invalidating String Object References
    Other Common Mistakes in basic_string Usage
  2.5 String-Handling Functions
    gets()
    C99
    C11 Annex K Bounds-Checking Interfaces: gets_s()
    Dynamic Allocation Functions
    strcpy() and strcat()
    C99
    strncpy() and strncat()
    memcpy() and memmove()
    strlen()
  2.6 Runtime Protection Strategies
    Detection and Recovery
    Input Validation
    Object Size Checking
    Visual Studio Compiler-Generated Runtime Checks
    Stack Canaries
    Stack-Smashing Protector (ProPolice)
    Operating System Strategies
    Detection and Recovery
    Nonexecutable Stacks
    PaX
    Future Directions
  2.7 Notable Vulnerabilities
    Remote Login
    Kerberos
  2.8 Summary
  2.9 Further Reading
Chapter 3 Pointer Subterfuge
  3.1 Data Locations
  3.2 Function Pointers
  3.3 Object Pointers
  3.4 Modifying the Instruction Pointer
  3.5 Global Offset Table
  3.6 The .dtors Section
  3.7 Virtual Pointers
  3.8 The atexit() and on_exit() Functions
  3.9 The longjmp() Function
  3.10 Exception Handling
    Structured Exception Handling
    System Default Exception Handling
  3.11 Mitigation Strategies
    Stack Canaries
    W^X
    Encoding and Decoding Function Pointers
  3.12 Summary
  3.13 Further Reading
Chapter 4 Dynamic Memory Management
  4.1 C Memory Management
    C Standard Memory Management Functions
    Alignment
    alloca() and Variable-Length Arrays
  4.2 Common C Memory Management Errors
    Initialization Errors
    Failing to Check Return Values
    Dereferencing Null or Invalid Pointers
    Referencing Freed Memory
    Freeing Memory Multiple Times
    Memory Leaks
    Zero-Length Allocations
    DR #400
  4.3 C++ Dynamic Memory Management
    Allocation Functions
    Deallocation Functions
    Garbage Collection
  4.4 Common C++ Memory Management Errors
    Failing to Correctly Check for Allocation Failure
    Improperly Paired Memory Management Functions
    Freeing Memory Multiple Times
    Deallocation Function Throws an Exception
  4.5 Memory Managers
  4.6 Doug Lea's Memory Allocator
    Buffer Overflows on the Heap
  4.7 Double-Free Vulnerabilities
    Writing to Freed Memory
    RtlHeap
    Buffer Overflows (Redux)
  4.8 Mitigation Strategies
    Null Pointers
    Consistent Memory Management Conventions
    phkmalloc
    Randomization
    OpenBSD
    The jemalloc Memory Manager
    Static Analysis
    Runtime Analysis Tools
  4.9 Notable Vulnerabilities
    CVS Buffer Overflow Vulnerability
    Microsoft Data Access Components (MDAC)
    CVS Server Double-Free
    Vulnerabilities in MIT Kerberos 5
  4.10 Summary
Chapter 5 Integer Security
  5.1 Introduction to Integer Security
  5.2 Integer Data Types
    Unsigned Integer Types
    Wraparound
    Signed Integer Types
    Signed Integer Ranges
    Integer Overflow
    Character Types
    Data Models
    Other Integer Types
  5.3 Integer Conversions
    Converting Integers
    Integer Conversion Rank
    Integer Promotions
    Usual Arithmetic Conversions
    Conversions from Unsigned Integer Types
    Conversions from Signed Integer Types
    Conversion Implications
  5.4 Integer Operations
    Assignment
    Addition
    Subtraction
    Multiplication
    Division and Remainder
    Shifts
  5.5 Integer Vulnerabilities
    Vulnerabilities
    Wraparound
    Conversion and Truncation Errors
    Nonexceptional Integer Logic Errors
  5.6 Mitigation Strategies
    Integer Type Selection
    Abstract Data Types
    Arbitrary-Precision Arithmetic
    Range Checking
    Precondition and Postcondition Testing
    Secure Integer Libraries
    Overflow Detection
    Compiler-Generated Runtime Checks
    Verifiably In-Range Operations
    As-If Infinitely Ranged Integer Model
    Testing and Analysis
  5.7 Summary
Chapter 6 Formatted Output
  6.1 Variadic Functions
  6.2 Formatted Output Functions
    Format Strings
    GCC
    Visual C++
  6.3 Exploiting Formatted Output Functions
    Buffer Overflow
    Output Streams
    Crashing a Program
    Viewing Stack Content
    Viewing Memory Content
    Overwriting Memory
    Internationalization
    Wide-Character Format String Vulnerabilities
  6.4 Stack Randomization
    Defeating Stack Randomization
    Writing Addresses in Two Words
    Direct Argument Access
  6.5 Mitigation Strategies
    Exclude User Input from Format Strings
    Dynamic Use of Static Content
    Restricting Bytes Written
    C11 Annex K Bounds-Checking Interfaces
    iostream versus stdio
    Testing
    Compiler Checks
    Static Taint Analysis
    Modifying the Variadic Function Implementation
    Exec Shield
    FormatGuard
    Static Binary Analysis
  6.6 Notable Vulnerabilities
    Washington University FTP Daemon
    CDE ToolTalk
    Ettercap Version NG-0.7.2
  6.7 Summary
  6.8 Further Reading
Chapter 7 Concurrency
  7.1 Multithreading
  7.2 Parallelism
    Data Parallelism
    Task Parallelism
  7.3 Performance Goals
    Amdahl's Law
  7.4 Common Errors
    Race Conditions
    Corrupted Values
    Volatile Objects
  7.5 Mitigation Strategies
    Memory Model
    Synchronization Primitives
    Thread Role Analysis (Research)
    Immutable Data Structures
    Concurrent Code Properties
  7.6 Mitigation Pitfalls
    Deadlock
    Prematurely Releasing a Lock
    Contention
    The ABA Problem
  7.7 Notable Vulnerabilities
    DoS Attacks in Multicore Dynamic Random-Access Memory (DRAM) Systems
    Concurrency Vulnerabilities in System Call Wrappers
  7.8 Summary
Chapter 8 File I/O
  8.1 File I/O Basics
    File Systems
    Special Files
  8.2 File I/O Interfaces
    Data Streams
    Opening and Closing Files
    POSIX
    File I/O in C++
  8.3 Access Control
    UNIX File Permissions
    Process Privileges
    Changing Privileges
    Managing Privileges
    Managing Permissions
  8.4 File Identification
    Directory Traversal
    Equivalence Errors
    Symbolic Links
    Canonicalization
    Hard Links
    Device Files
    File Attributes
  8.5 Race Conditions
    Time of Check, Time of Use (TOCTOU)
    Create without Replace
    Exclusive Access
    Shared Directories
  8.6 Mitigation Strategies
    Closing the Race Window
    Eliminating the Race Object
    Controlling Access to the Race Object
    Race Detection Tools
  8.7 Summary
Chapter 9 Recommended Practices
  9.1 The Security Development Lifecycle
    TSP-Secure
    Planning and Tracking
    Quality Management
  9.2 Security Training
  9.3 Requirements
    Secure Coding Standards
    Security Quality Requirements Engineering
    Use/Misuse Cases
  9.4 Design
    Secure Software Development Principles
    Threat Modeling
    Analyze Attack Surface
    Vulnerabilities in Existing Code
    Secure Wrappers
    Input Validation
    Trust Boundaries
    Blacklisting
    Whitelisting
    Testing
  9.5 Implementation
    Compiler Security Features
    As-If Infinitely Ranged (AIR) Integer Model
    Safe-Secure C/C++
    Static Analysis
    Source Code Analysis Laboratory (SCALe)
    Defense in Depth
  9.6 Verification
    Static Analysis
    Penetration Testing
    Fuzz Testing
    Code Audits
    Developer Guidelines and Checklists
    Independent Security Review
    Attack Surface Review
  9.7 Summary
  9.8 Further Reading
650 #0 - SUBJECT
Keyword Computer security.
650 #0 - SUBJECT
Keyword C (Computer program language)
650 #0 - SUBJECT
Keyword C++ (Computer program language)
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Koha item type General Books
Holdings
Withdrawn status: (blank)
Lost status: (blank)
Damaged status: (blank)
Not for loan: (blank)
Home library: Central Library, Sikkim University
Current library: Central Library, Sikkim University
Shelving location: General Book Section
Date acquired: 16/06/2016
Full call number: 005.8 SEA/S
Accession number: P42523
Date last seen: 16/06/2016
Koha item type: General Books