Secure coding in C and C++ / (Record no. 2960)
000 -LEADER | |
---|---|
fixed length control field | 08495cam a22002417a 4500 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9780321822130 (pbk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 0321822137 (pbk.) |
040 ## - CATALOGING SOURCE | |
Transcribing agency | CUS |
082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER | |
Classification number | 005.8 |
Item number | SEA/S |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Seacord, Robert C. |
245 10 - TITLE STATEMENT | |
Title | Secure coding in C and C++ / |
Statement of responsibility, etc. | Robert C. Seacord ; [foreword by Richard D. Pethia]. |
246 3# - VARYING FORM OF TITLE | |
Title proper/short title | Secure coding in C and C plus plus |
250 ## - EDITION STATEMENT | |
Edition statement | 2nd ed. |
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) | |
Place of publication, distribution, etc. | Upper Saddle River, NJ : |
Name of publisher, distributor, etc. | Addison-Wesley, |
Date of publication, distribution, etc. | c2013. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | xxvii, 569 p. : |
Other physical details | ill. ; |
Dimensions | 24 cm. |
500 ## - GENERAL NOTE | |
General note | "A CERT book"--Cover. |
504 ## - BIBLIOGRAPHY, ETC. NOTE | |
Bibliography, etc | Includes bibliographical references (p. 519-537) and index. |
505 ## - FORMATTED CONTENTS NOTE | |
Formatted contents note | Chapter 1 Running with Scissors -- 1.1 Gauging the Threat -- What Is the Cost? -- Who Is the Threat? -- Software Security -- 1.2 Security Concepts -- Security Policy -- Security Flaws -- Vulnerabilities -- Exploits -- Mitigations -- 1.3 C and C++ -- A Brief History -- What Is the Problem with C? -- Legacy Code -- Other Languages -- 1.4 Development Platforms -- Operating Systems -- Compilers -- 1.5 Summary -- 1.6 Further Reading -- Chapter 2 Strings -- 2.1 Character Strings -- String Data Type -- UTF-8 -- Wide Strings -- String Literals -- Strings in C++ -- Character Types -- Sizing Strings -- 2.2 Common String Manipulation Errors -- Improperly Bounded String Copies -- Off-by-One Errors -- Null-Termination Errors -- String Truncation -- String Errors without Functions -- 2.3 String Vulnerabilities and Exploits -- Tainted Data -- Security Flaw: IsPasswordOK -- Buffer Overflows -- Process Memory Organization -- Stack Management -- Stack Smashing -- Code Injection -- Arc Injection -- Return-Oriented Programming -- 2.4 Mitigation Strategies for Strings -- String Handling -- C11 Annex K Bounds-Checking Interfaces -- Dynamic Allocation Functions -- C++ std::basic_string -- Invalidating String Object References -- Other Common Mistakes in basic_string Usage -- 2.5 String-Handling Functions -- gets() -- C99 -- C11 Annex K Bounds-Checking Interfaces: gets_s() -- Dynamic Allocation Functions -- strcpy() and strcat() -- C99 -- strncpy() and strncat() -- memcpy() and memmove() -- strlen() -- 2.6 Runtime Protection Strategies -- Detection and Recovery -- Input Validation -- Object Size Checking -- Visual Studio Compiler-Generated Runtime Checks -- Stack Canaries -- Stack-Smashing Protector (ProPolice) -- Operating System Strategies -- Detection and Recovery -- Nonexecutable Stacks -- PaX -- Future Directions -- 2.7 Notable Vulnerabilities -- Remote Login -- Kerberos -- 2.8 Summary -- 2.9 Further Reading -- Chapter 3 Pointer Subterfuge -- 3.1 Data Locations -- 3.2 Function Pointers -- 3.3 Object Pointers -- 3.4 Modifying the Instruction Pointer -- 3.5 Global Offset Table -- 3.6 The .dtors Section -- 3.7 Virtual Pointers -- 3.8 The atexit() and on_exit() Functions -- 3.9 The longjmp() Function -- 3.10 Exception Handling -- Structured Exception Handling -- System Default Exception Handling -- 3.11 Mitigation Strategies -- Stack Canaries -- W^X -- Encoding and Decoding Function Pointers -- 3.12 Summary -- 3.13 Further Reading -- Chapter 4 Dynamic Memory Management -- 4.1 C Memory Management -- C Standard Memory Management Functions -- Alignment -- alloca() and Variable-Length Arrays -- 4.2 Common C Memory Management Errors -- Initialization Errors -- Failing to Check Return Values -- Dereferencing Null or Invalid Pointers -- Referencing Freed Memory -- Freeing Memory Multiple Times -- Memory Leaks -- Zero-Length Allocations -- DR #400 -- 4.3 C++ Dynamic Memory Management -- Allocation Functions -- Deallocation Functions -- Garbage Collection -- 4.4 Common C++ Memory Management Errors -- Failing to Correctly Check for Allocation Failure -- Improperly Paired Memory Management Functions -- Freeing Memory Multiple Times -- Deallocation Function Throws an Exception -- 4.5 Memory Managers -- 4.6 Doug Lea's Memory Allocator -- Buffer Overflows on the Heap -- 4.7 Double-Free Vulnerabilities -- Writing to Freed Memory -- RtlHeap -- Buffer Overflows (Redux) -- 4.8 Mitigation Strategies -- Null Pointers -- Consistent Memory Management Conventions -- phkmalloc -- Randomization -- OpenBSD -- The jemalloc Memory Manager -- Static Analysis -- Runtime Analysis Tools -- 4.9 Notable Vulnerabilities -- CVS Buffer Overflow Vulnerability -- Microsoft Data Access Components (MDAC) -- CVS Server Double-Free -- Vulnerabilities in MIT Kerberos 5 -- 4.10 Summary -- Chapter 5 Integer Security -- 5.1 Introduction to Integer Security -- 5.2 Integer Data Types -- Unsigned Integer Types -- Wraparound -- Signed Integer Types -- Signed Integer Ranges -- Integer Overflow -- Character Types -- Data Models -- Other Integer Types -- 5.3 Integer Conversions -- Converting Integers -- Integer Conversion Rank -- Integer Promotions -- Usual Arithmetic Conversions -- Conversions from Unsigned Integer Types -- Conversions from Signed Integer Types -- Conversion Implications -- 5.4 Integer Operations -- Assignment -- Addition -- Subtraction -- Multiplication -- Division and Remainder -- Shifts -- 5.5 Integer Vulnerabilities -- Vulnerabilities -- Wraparound -- Conversion and Truncation Errors -- Nonexceptional Integer Logic Errors -- 5.6 Mitigation Strategies -- Integer Type Selection -- Abstract Data Types -- Arbitrary-Precision Arithmetic -- Range Checking -- Precondition and Postcondition Testing -- Secure Integer Libraries -- Overflow Detection -- Compiler-Generated Runtime Checks -- Verifiably In-Range Operations -- As-If Infinitely Ranged Integer Model -- Testing and Analysis -- 5.7 Summary -- Chapter 6 Formatted Output -- 6.1 Variadic Functions -- 6.2 Formatted Output Functions -- Format Strings -- GCC -- Visual C++ -- 6.3 Exploiting Formatted Output Functions -- Buffer Overflow -- Output Streams -- Crashing a Program -- Viewing Stack Content -- Viewing Memory Content -- Overwriting Memory -- Internationalization -- Wide-Character Format String Vulnerabilities -- 6.4 Stack Randomization -- Defeating Stack Randomization -- Writing Addresses in Two Words -- Direct Argument Access -- 6.5 Mitigation Strategies -- Exclude User Input from Format Strings -- Dynamic Use of Static Content -- Restricting Bytes Written -- C11 Annex K Bounds-Checking Interfaces -- iostream versus stdio -- Testing -- Compiler Checks -- Static Taint Analysis -- Modifying the Variadic Function Implementation -- Exec Shield -- FormatGuard -- Static Binary Analysis -- 6.6 Notable Vulnerabilities -- Washington University FTP Daemon -- CDE ToolTalk -- Ettercap Version NG-0.7.2 -- 6.7 Summary -- 6.8 Further Reading -- Chapter 7 Concurrency -- 7.1 Multithreading -- 7.2 Parallelism -- Data Parallelism -- Task Parallelism -- 7.3 Performance Goals -- Amdahl's Law -- 7.4 Common Errors -- Race Conditions -- Corrupted Values -- Volatile Objects -- 7.5 Mitigation Strategies -- Memory Model -- Synchronization Primitives -- Thread Role Analysis (Research) -- Immutable Data Structures -- Concurrent Code Properties -- 7.6 Mitigation Pitfalls -- Deadlock -- Prematurely Releasing a Lock -- Contention -- The ABA Problem -- 7.7 Notable Vulnerabilities -- DoS Attacks in Multicore Dynamic Random-Access Memory (DRAM) Systems -- Concurrency Vulnerabilities in System Call Wrappers -- 7.8 Summary -- Chapter 8 File I/O -- 8.1 File I/O Basics -- File Systems -- Special Files -- 8.2 File I/O Interfaces -- Data Streams -- Opening and Closing Files -- POSIX -- File I/O in C++ -- 8.3 Access Control -- UNIX File Permissions -- Process Privileges -- Changing Privileges -- Managing Privileges -- Managing Permissions -- 8.4 File Identification -- Directory Traversal -- Equivalence Errors -- Symbolic Links -- Canonicalization -- Hard Links -- Device Files -- File Attributes -- 8.5 Race Conditions -- Time of Check, Time of Use (TOCTOU) -- Create without Replace -- Exclusive Access -- Shared Directories -- 8.6 Mitigation Strategies -- Closing the Race Window -- Eliminating the Race Object -- Controlling Access to the Race Object -- Race Detection Tools -- 8.7 Summary -- Chapter 9 Recommended Practices -- 9.1 The Security Development Lifecycle -- TSP-Secure -- Planning and Tracking -- Quality Management -- 9.2 Security Training -- 9.3 Requirements -- Secure Coding Standards -- Security Quality Requirements Engineering -- Use/Misuse Cases -- 9.4 Design -- Secure Software Development Principles -- Threat Modeling -- Analyze Attack Surface -- Vulnerabilities in Existing Code -- Secure Wrappers -- Input Validation -- Trust Boundaries -- Blacklisting -- Whitelisting -- Testing -- 9.5 Implementation -- Compiler Security Features -- As-If Infinitely Ranged (AIR) Integer Model -- Safe-Secure C/C++ -- Static Analysis -- Source Code Analysis Laboratory (SCALe) -- Defense in Depth -- 9.6 Verification -- Static Analysis -- Penetration Testing -- Fuzz Testing -- Code Audits -- Developer Guidelines and Checklists -- Independent Security Review -- Attack Surface Review -- 9.7 Summary -- 9.8 Further Reading |
650 #0 - SUBJECT | |
Keyword | Computer security. |
650 #0 - SUBJECT | |
Keyword | C (Computer program language) |
650 #0 - SUBJECT | |
Keyword | C++ (Computer program language) |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Koha item type | General Books |
Withdrawn status | Lost status | Damaged status | Not for loan | Home library | Current library | Shelving location | Date acquired | Full call number | Accession number | Date last seen | Koha item type |
---|---|---|---|---|---|---|---|---|---|---|---|
 | | | | Central Library, Sikkim University | Central Library, Sikkim University | General Book Section | 16/06/2016 | 005.8 SEA/S | P42523 | 16/06/2016 | General Books |