Secure Programming Cookbook for C and C++
Recipes for Cryptography, Authentication, Input Validation & More
Publisher: O'Reilly Media
Final Release Date: July 2003
Pages: 792

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering
The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
Customer Reviews

5.0 (based on 3 reviews)

(8 of 8 customers found this review helpful)

 
5.0

Packed with useful information

By mdh

from Undisclosed

Comments about oreilly Secure Programming Cookbook for C and C++:

Some years later, this is still one of the best books I've ever purchased, along with the first revision of the Camel Book, which got me well on my way to competently pumping out decent Perl code. This book really helped me get a footing with regard to writing competent encryption code using OpenSSL. Most common tasks you'll need to perform using SSL are covered, and that's only about 1/3 of the book's content. It also delves rather deeply into lower level cryptographic development as well as other security solutions for C programmers.

It goes beyond just programming, too. In terms and code examples that a competent C programmer can understand, it makes clear just what the myriad acronyms you'll run into while working with encryption code mean, how they function, how they interact to create code that provides a given amount of security and trust, and most importantly how to implement them in a way that your needs are met.

If you are a C programmer, you should read and have this book around. If you write code that deals with user input, authentication, cryptographic, or network communications, it's practically a must.

I'm hoping for a second edition some time. Some coverage of code auditing tools might be interesting, that field has developed a lot over the past years since this book was released. OpenSSL has progressed a bunch, too, and some more in-depth specifics (such as web functionality, maybe even coverage of common GUI toolkits like GTK, Qt, etc) would be just wonderful, as well.

C is far from dead. I've been using C for the past 11 years, and it's still the language I use more than any other.

(2 of 2 customers found this review helpful)

 
5.0

Good and hard core

By Anonymous

from Undisclosed

Comments about oreilly Secure Programming Cookbook for C and C++:

Although the code examples are written in C, if you are a serious programmer in C/C++ or Java, the recipes in this book offer very valuable information on how to write not only secure programs, but good programs. I have seen many run-of-the-mill programs that are written without the least security concept. (How many times have you encountered a program that needs to write to a system folder for no apparent reason, thus requiring the end-user to have unnecessary elevated rights on the system folder?)

(4 of 4 customers found this review helpful)

 
5.0

Secure Programming Cookbook for C and C++ Review

By netmask

from Undisclosed

Comments about oreilly Secure Programming Cookbook for C and C++:

I hadn't anticipated the heavy amount of crypto related chapters in this book. I honestly had only read about the input validation, avoiding overflows, and access control portions. It turns out it covers those areas plus a wide range of crypto related code. It goes over the fundamentals of Symmetric Crypto in great detail, from simple base64 encoding to parallelizing Encryption and decryption in arbitrary modes. All of the crypto related portions of this book are very clear. I highly recommend this book if you are doing any kind of crypto, whether it's simply encrypting a password, a file, or setting up a socket based secure communication tunnel.

The Networking chapter is a very good reference section for creating SSL clients and servers, as well as using Kerberos or securing your connections to your database. There are almost 80 pages of information related to generating random numbers and data, from using /dev/random to gathering entropy from Mouse Events on Win32.

The one chapter I didn't expect to see here that was quite good was Chapter 12, Anti-Tampering. This chapter goes over obfuscating your code, detecting binary modifications, disguising boolean values, etc. It even shows you how to detect SoftICE and other debuggers, which can be useful for attempting to block people from cracking your commercial software. Although, I believe all attempts end up being rather futile when someone is determined enough.

This book really is a must for anyone who is programming. If not just for the basics of protecting yourself from overflows and validating input and environment variables, then definitely for the extremely well written sections on crypto. This book has earned a permanent spot next to K&R and UNP on my desk.
