Secure coding in C and C++:
Contributor: | |
---|---|
Format: | Book |
Language: | English |
Published: |
Upper Saddle River, NJ [u.a.]
Addison-Wesley
2006
|
Edition: | 1. print. |
Series: | The SEI series in software engineering
A CERT book |
Subjects: | |
Links: | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014916741&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
Extent: | XXIV, 341 S. 24 cm |
ISBN: | 0321335724 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV021702816 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | t| | ||
008 | 060822s2006 xx |||| 00||| eng d | ||
015 | |a GBA566802 |2 dnb | ||
020 | |a 0321335724 |9 0-321-33572-4 | ||
035 | |a (OCoLC)60491974 | ||
035 | |a (DE-599)BVBBV021702816 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
049 | |a DE-573 | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 005.8 |2 22 | |
084 | |a ST 250 |0 (DE-625)143626: |2 rvk | ||
100 | 1 | |a Seacord, Robert C. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Secure coding in C and C++ |c Robert C. Seacord |
250 | |a 1. print. | ||
264 | 1 | |a Upper Saddle River, NJ [u.a.] |b Addison-Wesley |c 2006 | |
300 | |a XXIV, 341 S. |c 24 cm | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
490 | 0 | |a The SEI series in software engineering | |
490 | 0 | |a A CERT book | |
650 | 4 | |a C (Computer program language) | |
650 | 4 | |a C++ (Computer program language) | |
650 | 4 | |a Computer security | |
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Softwareschwachstelle |0 (DE-588)4752508-3 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a C |g Programmiersprache |0 (DE-588)4113195-2 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a C |g Programmiersprache |0 (DE-588)4113195-2 |D s |
689 | 0 | 1 | |a Softwareschwachstelle |0 (DE-588)4752508-3 |D s |
689 | 0 | 2 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | 2 | |m GBV Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014916741&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-014916741 |
Record in the search index
_version_ | 1819358857167634432 |
---|---|
adam_text | SECURE CODING IN C AND C++ ROBERT C. SEACORD ADDISON-WESLEY UPPER
SADDLE RIVER, NJ * BOSTON * INDIANAPOLIS * SAN FRANCISCO NEW YORK *
TORONTO * MONTREAL * LONDON * MUNICH * PARIS * MADRID CAPETOWN * SYDNEY
* TOKYO * SINGAPORE * MEXICO CITY CONTENTS FOREWORD XIII PREFACE XVII
ABOUT THE AUTHOR XXIII CHAPTER 1 RUNNING WITH SCISSORS 1 1.1 GAUGING THE
THREAT 4 WHAT IS THE COST? 5 WHO IS THE THREAT? 6 SOFTWARE SECURITY 9
1.2 SECURITY CONCEPTS 10 SECURITY POLICY 12 SECURITY FLAWS 12
VULNERABILITIES 13 EXPLOITS 14 MITIGATIONS 15 1.3 C AND C++ 16 A BRIEF
HISTORY 16 WHAT IS THE PROBLEM WITH C? 17 LEGACY CODE 18 OTHER LANGUAGES
19 1.4 DEVELOPMENT PLATFORMS 19 OPERATING SYSTEMS 20 COMPILERS 21 1.5
SUMMARY 23 1.6 FURTHER READING 24 CHAPTER 2 CHAPTER 3 STRINGS 2.1 2.2
2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 STRING CHARACTERISTICS STRINGS IN
C++ COMMON STRING MANIPULATION ERRORS UNBOUNDED STRING COPIES OFF-BY-ONE
ERRORS NULL-TERMINATION ERRORS STRING TRUNCATION STRING ERRORS WITHOUT
FUNCTIONS STRING VULNERABILITIES SECURITY FLAW BUFFER OVERFLOWS PROCESS
MEMORY ORGANIZATION STACK MANAGEMENT STACK SMASHING CODE INJECTION ARC
INJECTION MITIGATION STRATEGIES PREVENTION STRING STREAMS DETECTION AND
RECOVERY NOTABLE VULNERABILITIES REMOTE LOGIN KERBEROS METAMAIL SUMMARY
FURTHER READING POINTER SUBTERFUGE 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9
3.10 DATA LOCATIONS FUNCTION POINTERS DATA POINTERS MODIFYING THE
INSTRUCTION POINTER GLOBAL OFFSET TABLE THE .DTORS SECTION VIRTUAL
POINTERS THE ATEXIT() AND ON_EXIT() FUNCTIONS THE LONGJMP() FUNCTION
EXCEPTION HANDLING STRUCTURED EXCEPTION HANDLING SYSTEM DEFAULT
EXCEPTION HANDLING 25 25 26 27 27 29 31 32 32 33 34 35 36 37 40
44 48 51 51 64 67 72 72 72 73 74 75 77 78 78 80 81 83 84 87 88 90 92 92
94 CHAPTER 4 3.11 3.12 3.13 MITIGATION STRATEGIES W^X
CANARIES SUMMARY FURTHER READING DYNAMIC MEMORY MANAGEMENT 4.1 4.2 4.3
4.4 4.5 4.6 DYNAMIC MEMORY MANAGEMENT COMMON DYNAMIC MEMORY MANAGEMENT
ERRORS INITIALIZATION FAILING TO CHECK RETURN VALUES REFERENCING FREED
MEMORY FREEING MEMORY MULTIPLE TIMES IMPROPERLY PAIRED MEMORY MANAGEMENT
FUNCTIONS FAILURE TO DISTINGUISH SCALARS AND ARRAYS IMPROPER USE OF
ALLOCATION FUNCTIONS DOUG LEA'S MEMORY ALLOCATOR MEMORY MANAGEMENT
BUFFER OVERFLOWS DOUBLE-FREE VULNERABILITIES WRITING TO FREED MEMORY
RTLHEAP MEMORY MANAGEMENT IN WIN32 RTLHEAP DATA STRUCTURES BUFFER
OVERFLOWS BUFFER OVERFLOWS (REDUX) WRITING TO FREED MEMORY DOUBLE-FREE
LOOK-ASIDE TABLE MITIGATION STRATEGIES NULL POINTERS CONSISTENT MEMORY
MANAGEMENT CONVENTIONS HEAP INTEGRITY DETECTION PHKMALLOC RANDOMIZATION
GUARD PAGES OPENBSD RUNTIME ANALYSIS TOOLS WINDOWS XP SP2 NOTABLE
VULNERABILITIES CVS BUFFER OVERFLOW VULNERABILITY MICROSOFT DATA ACCESS
COMPONENTS (MDAC) 95 95 95 96 96 97 98 100 100 102 104 104 106 106 107
107 108 111 117 120 120 120 123 126 129 133 134 137 138 138 138 139 140
141 142 142 143 145 146 147 147 CVS SERVER DOUBLE-FREE 148
VULNERABILITIES IN MIT KERBEROS 5 149 4.7 SUMMARY 149 4.8 FURTHER
READING 149 CHAPTER 5 INTEGER SECURITY 151 5.1 INTEGERS 152 INTEGER
REPRESENTATION 152 INTEGER TYPES 153 INTEGER RANGES 157 5.2 INTEGER
CONVERSIONS 159 INTEGER PROMOTIONS 159 INTEGER CONVERSION RANK 160
CONVERSIONS FROM UNSIGNED INTEGER TYPES 161 CONVERSIONS FROM SIGNED
INTEGER TYPES 161 SIGNED OR UNSIGNED CHARACTERS 162 USUAL ARITHMETIC
CONVERSIONS 164 5.3 INTEGER ERROR CONDITIONS 164 INTEGER OVERFLOW 164
SIGN ERRORS 166 TRUNCATION ERRORS 167 5.4 INTEGER OPERATIONS 167
ADDITION 169 SUBTRACTION 172 MULTIPLICATION 174 DIVISION 177 5.5
VULNERABILITIES 181 INTEGER OVERFLOW 182 SIGN ERRORS 183 TRUNCATION
ERRORS 184 5.6 NONEXCEPTIONAL INTEGER LOGIC ERRORS 186 5.7 MITIGATION
STRATEGIES 187 RANGE CHECKING 188 STRONG TYPING 189 COMPILER-GENERATED
RUNTIME CHECKS 190 SAFE INTEGER OPERATIONS 191 ARBITRARY PRECISION
ARITHMETIC 196 TESTING 196 SOURCE CODE AUDIT 197 5.8 NOTABLE
VULNERABILITIES 197 XDR LIBRARY 197 WINDOWS DIRECTX MIDI LIBRARY 198
BASH 199 5.9 SUMMARY 5.10 FURTHER READING 200 201 CHAPTER 6
6.2 6.3 FORMATTED OUTPUT 6.1 VARIADIC FUNCTIONS ANSI C STANDARD
ARGUMENTS UNIX SYSTEM V VARARGS FORMATTED OUTPUT FUNCTIONS FORMAT
STRINGS GCC VISUAL C++ .NET EXPLOITING FORMATTED OUTPUT FUNCTIONS BUFFER
OVERFLOW OUTPUT STREAMS CRASHING A PROGRAM VIEWING STACK CONTENT VIEWING
MEMORY CONTENT OVERWRITING MEMORY INTERNATIONALIZATION STACK
RANDOMIZATION THWARTING STACK RANDOMIZATION WRITING ADDRESSES IN TWO
WORDS DIRECT ARGUMENT ACCESS MITIGATION STRATEGIES DYNAMIC USE OF STATIC
CONTENT RESTRICTING BYTES WRITTEN ISO/IEC TR 24731 IOSTREAM VERSUS STDIO
TESTING COMPILER CHECKS LEXICAL ANALYSIS STATIC TAINT ANALYSIS MODIFYING
THE VARIADIC FUNCTION IMPLEMENTATION EXEC SHIELD FORMATGUARD LIBSAFE
STATIC BINARY ANALYSIS NOTABLE VULNERABILITIES WASHINGTON UNIVERSITY FTP
DAEMON CDE TOOLTALK SUMMARY FURTHER READING 6.4 6.5 6.6 6.7 6.8 203 204
205 208 208 209 211 212 213 214 215 216 216 218 220 224 225 226 227 227
231 231 232 233 234 234 236 236 237 237 239 240 241 241 242 242 243 243
245 CHAPTER 7 FILE I/O 247 7.1 CONCURRENCY 247 RACE CONDITIONS
248 MUTUAL EXCLUSION AND DEADLOCK 248 7.2 TIME OF CHECK, TIME OF USE 250
7.3 FILES AS LOCKS AND FILE LOCKING 252 7.4 FILE SYSTEM EXPLOITS 254
SYMBOLIC LINKING EXPLOITS 255 TEMPORARY FILE OPEN EXPLOITS 257 UNLINK()
RACE EXPLOIT 260 TRUSTED FILENAMES 261 NONUNIQUE TEMP FILE NAMES 261 7.5
MITIGATION STRATEGIES 262 CLOSING THE RACE WINDOW 262 ELIMINATING THE
RACE OBJECT 266 CONTROLLING ACCESS TO THE RACE OBJECT 269 RACE DETECTION
TOOLS 271 7.6 SUMMARY 272 CHAPTER 8 RECOMMENDED PRACTICES 275 8.1 SECURE
SOFTWARE DEVELOPMENT PRINCIPLES 277 ECONOMY OF MECHANISM 278 FAIL-SAFE
DEFAULTS 278 COMPLETE MEDIATION 278 OPEN DESIGN 279 SEPARATION OF
PRIVILEGE 279 LEAST PRIVILEGE 279 LEAST COMMON MECHANISM 281
PSYCHOLOGICAL ACCEPTABILITY 281 8.2 SYSTEMS QUALITY REQUIREMENTS
ENGINEERING 282 8.3 THREAT MODELING 283 8.4 USE/MISUSE CASES 284 8.5
ARCHITECTURE AND DESIGN 286 8.6 OFF-THE-SHELF SOFTWARE 288
VULNERABILITIES IN EXISTING CODE 288 SECURE WRAPPERS 289 8.7 COMPILER
CHECKS 290 8.8 INPUT VALIDATION 291 8.9 DATA SANITIZATION 292 BLACK
LISTING 293 WHITE LISTING 294 TESTING 294 8.10 STATIC
ANALYSIS 295 FORTIFY 296 PREXIS 297 PREVENT 297 PREFIX AND PREFAST 298
8.11 QUALITY ASSURANCE 298 PENETRATION TESTING 299 FUZZ TESTING 299 CODE
AUDITS 300 DEVELOPER GUIDELINES AND CHECKLISTS 300 INDEPENDENT SECURITY
REVIEW 301 8.12 MEMORY PERMISSIONS 302 W^X 302 PAX 303 DATA EXECUTION
PREVENTION 303 8.13 DEFENSE IN DEPTH 304 8.14 TSP-SECURE 304 PLANNING
AND TRACKING 305 QUALITY MANAGEMENT 306 8.15 SUMMARY 307 8.16 FURTHER
READING 308 REFERENCES 309 ACRONYMS 323 INDEX 329
|
any_adam_object | 1 |
author | Seacord, Robert C. |
author_facet | Seacord, Robert C. |
author_role | aut |
author_sort | Seacord, Robert C. |
author_variant | r c s rc rcs |
building | Verbundindex |
bvnumber | BV021702816 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
classification_rvk | ST 250 |
ctrlnum | (OCoLC)60491974 (DE-599)BVBBV021702816 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | 1. print. |
format | Book |
id | DE-604.BV021702816 |
illustrated | Not Illustrated |
indexdate | 2024-12-20T12:39:46Z |
institution | BVB |
isbn | 0321335724 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-014916741 |
oclc_num | 60491974 |
open_access_boolean | |
owner | DE-573 |
owner_facet | DE-573 |
physical | XXIV, 341 S. 24 cm |
publishDate | 2006 |
publishDateSearch | 2006 |
publishDateSort | 2006 |
publisher | Addison-Wesley |
record_format | marc |
series2 | The SEI series in software engineering A CERT book |
spellingShingle | Seacord, Robert C. Secure coding in C and C++ C (Computer program language) C++ (Computer program language) Computer security Computersicherheit (DE-588)4274324-2 gnd Softwareschwachstelle (DE-588)4752508-3 gnd C Programmiersprache (DE-588)4113195-2 gnd |
subject_GND | (DE-588)4274324-2 (DE-588)4752508-3 (DE-588)4113195-2 |
title | Secure coding in C and C++ |
title_auth | Secure coding in C and C++ |
title_exact_search | Secure coding in C and C++ |
title_full | Secure coding in C and C++ Robert C. Seacord |
title_fullStr | Secure coding in C and C++ Robert C. Seacord |
title_full_unstemmed | Secure coding in C and C++ Robert C. Seacord |
title_short | Secure coding in C and C++ |
title_sort | secure coding in c and c |
topic | C (Computer program language) C++ (Computer program language) Computer security Computersicherheit (DE-588)4274324-2 gnd Softwareschwachstelle (DE-588)4752508-3 gnd C Programmiersprache (DE-588)4113195-2 gnd |
topic_facet | C (Computer program language) C++ (Computer program language) Computer security Computersicherheit Softwareschwachstelle C Programmiersprache |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014916741&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT seacordrobertc securecodingincandc |