Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More [NOOK Book]

Overview

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for...

See more details below
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$34.49
BN.com price
(Save 42%)$59.99 List Price

Overview

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.

Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
  • How to properly SSL-enable applications
  • How to create secure channels for client-server communication without SSL
  • How to integrate Public Key Infrastructure (PKI) into applications
  • Best practices for using cryptography properly
  • Techniques and strategies for properly validating input to programs
  • How to launch programs securely
  • How to use file access mechanisms properly
  • Techniques for protecting applications from reverse engineering
The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers.

Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
Read More Show Less

Product Details

  • ISBN-13: 9780596552183
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 7/14/2003
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 792
  • Sales rank: 1,076,978
  • File size: 5 MB

Meet the Author

John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.

Read More Show Less

Table of Contents

Foreword
Preface
1 Safe Initialization 1
2 Access Control 38
3 Input Validation 71
4 Symmetric Cryptography Fundamentals 116
5 Symmetric Encryption 155
6 Hashes and Message Authentication 249
7 Public Key Cryptography 307
8 Authentication and Key Exchange 362
9 Networking 454
10 Public Key Infrastructure 502
11 Random Numbers 568
12 Anti-Tampering 647
13 Other Topics 700
Index 739
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted August 17, 2003

    Voluminous and comprehensive

    f you are interested in encryption, you should probably get Bruce Schneier's Applied Cryptography, which is generally considered the standard summary of the field. But suppose you actually want to use some of the symmetric key or public key methods he describes? If you want to code from scratch, his book is a good starting point. But if you want to quickly avail yourself of the best existing methods and you don't want to reinvent the wheel by recoding? Also, it can be risky to do that. A mistake made in coding a crypto algorithm might render it insecure. Better to use reviewed, tested code. If this describes your needs and you code in C or C++, then this book will be invaluable. Extensive code fragments that show how you can interface to existing crypto packages. Very detailed. You won't find theorems or any elegant maths here. No Chinese Remainder Theorem or Fermat's theorems. You have to already know or accept the theoretical underpinnings. Given this, the book takes you into the nitty gritty of every major publicly available cryptosystem. With up to date assessments of their comparative strengths. All of the above is aimed at application developers. The book also has sections for sysadmins of both unix and Microsoft operating systems, replete with suggestions on patching and good practice. Don't be daunted by the book's heft. It is encyclopaedic in scope, and access is reasonably random access. The authors have striven to comprehensively span the field. You don't have to read from start to finish before you can commence using it.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)