000 | 08495cam a22002417a 4500 | ||
---|---|---|---|
020 | _a9780321822130 (pbk.) | ||
020 | _a0321822137 (pbk.) | ||
040 | _cCUS | ||
082 | 0 | 0 |
_a005.8 _bSEA/S |
100 | 1 |
_aSeacord, Robert C. _922488 |
|
245 | 1 | 0 |
_aSecure coding in C and C++ / _cRobert C. Seacord ; [foreword by Richard D. Pethia]. |
246 | 3 | _aSecure coding in C and C plus plus | |
250 | _a2nd ed. | ||
260 |
_aUpper Saddle River, NJ : _bAddison-Wesley, _cc2013. |
||
300 |
_axxvii, 569 p. : _bill. ; _c24 cm. |
||
500 | _a"A CERT book"--Cover. | ||
504 | _aIncludes bibliographical references (p. 519-537) and index. | ||
505 | _aChapter 1 Running with Scissors 1.1 Gauging the Threat What Is the Cost? Who Is the Threat? Software Security 1.2 Security Concepts Security Policy Security Flaws Vulnerabilities Exploits Mitigations 1.3 C and C++ A Brief History What Is the Problem with C? Legacy Code Other Languages 1.4 Development Platforms Operating Systems Compilers 1.5 Summary 1.6 Further Reading Chapter 2 Strings 2.1 Character Strings String Data Type UTF-8 Wide Strings String Literals Strings in C++ Character Types Sizing Strings 2.2 Common String Manipulation Errors Improperly Bounded String Copies Off-by-One Errors Null-Termination Errors String Truncation String Errors without Functions 2.3 String Vulnerabilities and Exploits Tainted Data Security Flaw: IsPasswordOK Buffer Overflows Process Memory Organization Stack Management Stack Smashing Code Injection Arc Injection Return-Oriented Programming 2.4 Mitigation Strategies for Strings String Handling Cll Annex K Bounds-Checking Interfaces Dynamic Allocation Functions C++ std::basic_string Invalidating String Object References Other Common Mistakes in basic_string Usage 2.5 String-Handling Functions getsO C99 Cll Annex K Bounds-Checking Interfaces: gets_sC) Dynamic Allocation Functions strcpyO and strcatC) C99 strncpyC) and strncat() memcpyO and memmoveC) strlenO 2.6 2.7 2.8 2.9 Runtime Protection Strategies Detection and Recovery Input Validation Object Size Checking Visual Studio Compiler-Generated Runtime Checks Stack Canaries Stack-Smashing Protector (ProPolice) Operating System Strategies Detection and Recovery Nonexecutable Stacks PaX Future Directions Notable Vulnerabilities Remote Login Kerheros Summary Further Reading Chapter 3 Pointer Subterfuge 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 Data Locations Function Pointers Object Pointers Modifying the Instruction Pointer Global Offset Table The .dtors Section Virtual Pointers The atexitO and on_exitO Functions The longjmpO Function Exception Handling Structured Exception Handling System Default Exception Handling Mitigation Strategies Stack Canaries VV^X Encoding and Decoding Function Pointers Summary Further Reading Chapter 4 Dynamic Memory Management 4.1 C Memory Management C Standard Memory Management Functions Alignment all oca O and Variable-Length Arrays 4.2 Common C Memory Management Errors Initialization Errors Failing to Check Return Values Dereferencing Null or Invalid Pointers Referencing Freed Memory Freeing Memory Multiple Times Memory Leaks Zero-Length Allocations OR #400 4.3 C++ Dynamic Memory Management Allocation Functions Deallocation Functions Garbage Collection 4.4 Common C++ Memory Management Errors Failing to Correctly Check for Allocation Failure Improperly Paired Memory Management Functions Freeing Memory Multiple Times Deallocation Function Throws an Exception 4.5 Memory Managers 4.6 Doug Lea's Memory Allocator Buffer Overflows on the Heap 4.7 Double-Free Vulnerabilities Writing to Freed Memory RtlHeap Buffer Overflows (Redux) 4.8 Mitigation Strategies Null Pointers Consistent Memory Management Conventions phkmalloc Randomization OpenBSD The jemalloc Memory Manager Static Analysis Runtime Analysis Tools 4.9 Notable Vulnerabilities CVS Buffer Overflow Vulnerability Microsoft Data Access Components (MDAC) CVS Server Double-Free Vulnerabilities in MIT Kerberos 5 4.10 Summary Chapter 5 Integer Security 5.1 Introduction to Integer Security 5.2 Integer Data Types Unsigned Integer Types 227 Wraparound Signed Integer Types Signed Integer Ranges Integer Overflow Character Types Data Models Other Integer Types 5.3 Integer Conversions Converting Integers Integer Conversion Rank Integer Promotions Usual Arithmetic Conversions Conversions from Unsigned Integer Types Conversions from Signed Integer Types Conversion Implications 5.4 Integer Operations Assignment Addition Subtraction Multiplication Division and Remainder Shifts 5.5 Integer Vulnerabilities Vulnerabilities Wraparound Conversion and Truncation Errors Nonexceptional Integer Logic Errors 5.6 Mitigation Strategies Integer Type Selection Abstract Data Types Arbitrary-Precision Arithmetic Range Checking Precondition and Postcondition Testing Secure Integer Libraries Overflow Detection Compiler-Generated Runtime Checks Verifiably In-Range Operations As-If Infinitely Ranged Integer Model Testing and Analysis 5.7 Summary Chapter 6 Formatted Output 6.1 Variadic Functions 6.2 Formatted Output Functions Format Strings GCC Visual C++ 6.3 Exploiting Formatted Output Functions Buffer Overflow Output Streams Crashing a Program Viewing Stack Content Viewing Memory Content Overwriting Memory Internationalization Wide-Character Format String Vulnerabilities 6.4 Stack Randomization Defeating Stack Randomization Writing Addresses in Two Words Direct Argument Access 6.5 Mitigation Strategies Exclude User Input from Format Strings Dynamic Use of Static Content Restricting Bytes Written Cll Annex K Bounds-Checking Interfaces iostream versus stdio Testing Compiler Checks Static Taint Analysis Modifying the Variadic Function Implementation Fxec Shield FormatGuard Static Binary Analysis 6.6 Notable Vulnerabilities Washington University FTP Daemon CDF ToolTalk Fttercap Version NG-0.7.2 6.7 Summary 6.8 Further Reading Chapter 7 Concurrency 7.1 Multithreading 7.2 Parallelism Data Parallelism Task Parallelism 7.3 Performance Goals Amdahl's Law 7.4 Common Errors Race Conditions Corrupted Values Volatile Objects 7.5 Mitigation Strategies Memory Model Synchronization Primitives Thread Role Analysis (Research) Immutable Data Structures Concurrent Code Properties 7.6 Mitigation Pitfalls Deadlock Prematurely Releasing a Lock Contention The ABA Problem 7.7 Notable Vulnerabilities DoS Attacks in Multicore Dynamic Random-Access Memory (DRAM) Systems Concurrency Vulnerabilities in System Call Wrappers 7.8 Summary Chapter 8 File I/O 8.1 File I/O Basics File Systems Special Files 8.2 File I/O Interfaces Data Streams Opening and Closing Files POSIX File I/O in C++ 8.3 Access Control UNIX File Permissions Process Privileges Changing Privileges Managing Privileges Managing Permissions 8.4 File Identification Directory Traversal Equivalence Errors Symbolic Links Canonicalization Hard Links Device Files File Attributes 8.5 Race Conditions Time of Check, Time of Use (TOCTOU) Create without Replace Exclusive Access Shared Directories 8.6 Mitigation Strategies Closing the Race Window Eliminating the Race Object Controlling Access to the Race Object Race Detection Tools 8.7 Summary Chapter 9 Recommended Practices 9.1 The Security Development Lifecycle TSP-Secure Planning and Tracking Quality Management 9.2 Security Training 9.3 Requirements Secure Coding Standards Security Quality Requirements Engineering Use/Misuse Cases 9.4 Design Secure Software Development Principles Threat Modeling Analyze Attack Surface Vulnerabilities in Existing Code Secure Wrappers Input Validation Trust Boundaries Blacklisting Whitelisting Testing 9.5 Implementation Compiler Security Features As-If Infinitely Ranged (AIR) Integer Model Safe-Secure C/C++ Static Analysis Source Code Analysis Laboratory (SCALe) Defense in Depth 9.6 Verification Static Analysis Penetration Testing Fuzz Testing Code Audits Developer Guidelines and Checklists Independent Security Review Attack Surface Review 9.7 Summary 9.8 Further Reading | ||
650 | 0 |
_aComputer security. _96006 |
|
650 | 0 |
_aC (Computer program language) _95027 |
|
650 | 0 |
_aC++ (Computer program language) _95034 |
|
942 | _cWB16 | ||
999 |
_c2960 _d2960 |