Secure Programming Cookbook for C and C++

Author: John Viega
Publisher: "O'Reilly Media, Inc."
ISBN: 0596552181
Category : Computers
Languages : en
Pages : 792

Book Description
Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly SSL-enable applications How to create secure channels for client-server communication without SSL How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

The CERT Oracle Secure Coding Standard for Java

Author: Fred Long
Publisher: Addison-Wesley Professional
ISBN: 013288285X
Category : Computers
Languages : en
Pages : 739

Book Description
“In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn’t mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure® Coding® Standard for JavaTM is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff.” —James A. Gosling, Father of the Java Programming Language An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer’s familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes). The CERT® Oracle® Secure Coding Standard for JavaTM provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard’s guidelines will lead to higher-quality systems–robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java–for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics. After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation. The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java’s APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.

ASP.NET Core 5 Secure Coding Cookbook

Author: Roman Canlas
Publisher: Packt Publishing Ltd
ISBN: 1801079021
Category : Computers
Languages : en
Pages : 324

Book Description
Learn how to secure your ASP.NET Core web app through robust and secure code Key FeaturesDiscover the different types of security weaknesses in ASP.NET Core web applications and learn how to fix themUnderstand what code makes an ASP.NET Core web app unsafeBuild your secure coding knowledge by following straightforward recipesBook Description ASP.NET Core developers are often presented with security test results showing the vulnerabilities found in their web apps. While the report may provide some high-level fix suggestions, it does not specify the exact steps that you need to take to resolve or fix weaknesses discovered by these tests. In ASP.NET Secure Coding Cookbook, you'll start by learning the fundamental concepts of secure coding and then gradually progress to identifying common web app vulnerabilities in code. As you progress, you'll cover recipes for fixing security misconfigurations in ASP.NET Core web apps. The book further demonstrates how you can resolve different types of Cross-Site Scripting. A dedicated section also takes you through fixing miscellaneous vulnerabilities that are no longer in the OWASP Top 10 list. This book features a recipe-style format, with each recipe containing sample unsecure code that presents the problem and corresponding solutions to eliminate the security bug. You'll be able to follow along with each step of the exercise and use the accompanying sample ASP.NET Core solution to practice writing secure code. By the end of this book, you'll be able to identify unsecure code causing different security flaws in ASP.NET Core web apps and you'll have gained hands-on experience in removing vulnerabilities and security defects from your code. What you will learnUnderstand techniques for squashing an ASP.NET Core web app security bugDiscover different types of injection attacks and understand how you can prevent this vulnerability from being exploitedFix security issues in code relating to broken authentication and authorizationEliminate the risks of sensitive data exposure by getting up to speed with numerous protection techniquesPrevent security misconfiguration by enabling ASP.NET Core web application security featuresExplore other ASP.NET web application vulnerabilities and secure coding best practicesWho this book is for This ASP.NET Core book is for intermediate-level ASP.NET Core web developers and software engineers who use the framework to develop web applications and are looking to focus on their security using coding best practices. The book is also for application security engineers, analysts, and specialists who want to know more about securing ASP.NET Core using code and understand how to resolve issues identified by the security tests they perform daily.

Writing Secure Code

Author: Michael Howard
Publisher: Pearson Education
ISBN: 0735617228
Category : Computers
Languages : en
Pages : 800

Book Description
Howard and LeBlanc (both are security experts with Microsoft) discuss the need for security and outline its general principles before outlining secure coding techniques. Testing, installation, documentation, and error messages are also covered. Appendices discuss dangerous APIs, dismiss pathetic excuses, and provide security checklists. The book explains how systems can be attacked, uses anecdotes to illustrate common mistakes, and offers advice on making systems secure. Annotation copyrighted by Book News, Inc., Portland, OR.

Secure Software Development

Author: Jason Grembi
Publisher: Delmar Pub
ISBN: 9781418065478
Category : Computers
Languages : en
Pages : 317

Book Description
Leads readers through the tasks and activities that successful computer programmers navigate on a daily basis.

C++ System Programming Cookbook

Author: Onorato Vaticone
Publisher: Packt Publishing Ltd
ISBN: 1838648755
Category : Computers
Languages : en
Pages : 279

Book Description
A problem-solution-based guide to help you overcome hurdles effectively while working with kernel APIs, filesystems, networks, threads, and process communications Key FeaturesLearn to apply the latest C++ features (from C++11, 14, 17, and 20) to facilitate systems programmingCreate robust and concurrent systems that make the most of the available hardware resourcesDelve into C++ inbuilt libraries and frameworks to design robust systems as per your business needsBook Description C++ is the preferred language for system programming due to its efficient low-level computation, data abstraction, and object-oriented features. System programming is about designing and writing computer programs that interact closely with the underlying operating system and allow computer hardware to interface with the programmer and the user. The C++ System Programming Cookbook will serve as a reference for developers who want to have ready-to-use solutions for the essential aspects of system programming using the latest C++ standards wherever possible. This C++ book starts out by giving you an overview of system programming and refreshing your C++ knowledge. Moving ahead, you will learn how to deal with threads and processes, before going on to discover recipes for how to manage memory. The concluding chapters will then help you understand how processes communicate and how to interact with the console (console I/O). Finally, you will learn how to deal with time interfaces, signals, and CPU scheduling. By the end of the book, you will become adept at developing robust systems applications using C++. What you will learnGet up to speed with the fundamentals including makefile, man pages, compilation, and linking and debuggingUnderstand how to deal with time interfaces, signals, and CPU schedulingDevelop your knowledge of memory managementUse processes and threads for advanced synchronizations (mutexes and condition variables)Understand interprocess communications (IPC): pipes, FIFOs, message queues, shared memory, and TCP and UDPDiscover how to interact with the console (console I/O)Who this book is for This book is for C++ developers who want to gain practical knowledge of systems programming. Though no experience of Linux system programming is assumed, intermediate knowledge of C++ is necessary.

Violent Python

Author: TJ O'Connor
Publisher: Newnes
ISBN: 1597499641
Category : Computers
Languages : en
Pages : 289

Book Description
Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus. - Demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts - Write code to intercept and analyze network traffic using Python. Craft and spoof wireless frames to attack wireless and Bluetooth devices - Data-mine popular social media websites and evade modern anti-virus

ActionScript Cookbook

Author: Joey Lott
Publisher: "O'Reilly Media, Inc."
ISBN: 9780596004903
Category : Computers
Languages : en
Pages : 904

Book Description
Complements "ActionScript for Flash MX: the definitive guide, 2nd ed."

Beautiful Code

Author: Greg Wilson
Publisher: "O'Reilly Media, Inc."
ISBN: 0596554672
Category : Computers
Languages : en
Pages : 621

Book Description
How do the experts solve difficult problems in software development? In this unique and insightful book, leading computer scientists offer case studies that reveal how they found unusual, carefully designed solutions to high-profile projects. You will be able to look over the shoulder of major coding and design experts to see problems through their eyes. This is not simply another design patterns book, or another software engineering treatise on the right and wrong way to do things. The authors think aloud as they work through their project's architecture, the tradeoffs made in its construction, and when it was important to break rules. This book contains 33 chapters contributed by Brian Kernighan, KarlFogel, Jon Bentley, Tim Bray, Elliotte Rusty Harold, Michael Feathers,Alberto Savoia, Charles Petzold, Douglas Crockford, Henry S. Warren,Jr., Ashish Gulhati, Lincoln Stein, Jim Kent, Jack Dongarra and PiotrLuszczek, Adam Kolawa, Greg Kroah-Hartman, Diomidis Spinellis, AndrewKuchling, Travis E. Oliphant, Ronald Mak, Rogerio Atem de Carvalho andRafael Monnerat, Bryan Cantrill, Jeff Dean and Sanjay Ghemawat, SimonPeyton Jones, Kent Dybvig, William Otte and Douglas C. Schmidt, AndrewPatzer, Andreas Zeller, Yukihiro Matsumoto, Arun Mehta, TV Raman,Laura Wingerd and Christopher Seiwald, and Brian Hayes. Beautiful Code is an opportunity for master coders to tell their story. All author royalties will be donated to Amnesty International.

Herb Schildt's C++ Programming Cookbook

Author: Herbert Schildt
Publisher: McGraw Hill Professional
ISBN: 0071643850
Category : Computers
Languages : en
Pages : 529

Book Description
Your Ultimate "How-To" Guide to C++ Programming! Legendary programming author Herb Schildt shares some of his favorite programming techniques in this high-powered C++ "cookbook." Organized for quick reference, each "recipe" shows how to accomplish a practical programming task. A recipe begins with a list of key ingredients (classes, functions, and headers) followed by step-by-step instructions that show how to assemble them into a complete solution. Detailed discussions explain the how and why behind each step, and a full code example puts the recipe into action. Each recipe ends with a list of options and alternatives that suggest ways to adapt the technique to fit a variety of situations. Whether you're a beginner or an experienced pro, you'll find recipes that are sure to satisfy your C++ programming appetite! Topics include: String Handling · Standard Template Library (STL) Containers · Algorithms · Function Objects · Binders · Negators · Adaptors · Iterators · I/O · Formatting Data Learn how to: Tokenize a null-terminated string Create a search and replace function for strings Implement subtraction for string objects Use the vector, deque, and list sequence containers Use the container adaptors stack, queue, and priority_queue Use the map, multimap, set, and multiset associative containers Reverse, rotate, and shuffle a sequence Create a function object Use binders, negators, and iterator adapters Read and write files Use stream iterators to handle file I/O Use exceptions to handle I/O errors Create custom inserters and extractors Format date, time, and numeric data Use facets and the localization library Overload the [ ], ( ), and -> operators Create an explicit constructor And much, much more