October 2008
Intermediate to advanced
720 pages
14h 6m
English
Overview
“I’m an enthusiastic supporter of the CERT Secure
Coding Initiative. Programmers have lots of sources of advice on
correctness, clarity, maintainability, performance, and even
safety. Advice on how specific language features affect security
has been missing. The CERT® C Secure Coding
Standard fills this need.”
–Randy Meyers,
Chairman of ANSI C
“For years we have relied upon the CERT/CC to publish
advisories documenting an endless stream of security problems. Now
CERT has embodied the advice of leading technical experts to give
programmers and managers the practical guidance needed to avoid
those problems in new applications and to help secure legacy
systems. Well done!”
–Dr. Thomas Plum, founder of Plum Hall, Inc.
“Connectivity has sharply increased the need for secure,
hacker-safe applications. By combining this CERT standard with
other safety guidelines, customers gain all-round protection and
approach the goal of zero-defect software.”
–Chris Tapp, Field Applications Engineer, LDRA Ltd.
“I’ve found this standard to be an indispensable
collection of expert information on exactly how modern software
systems fail in practice. It is the perfect place to start for
establishing internal secure coding guidelines. You won’t
find this information elsewhere, and, when it comes to software
security, what you don’t know is often exactly what hurts
you.”
–John McDonald, coauthor of The Art of Software Security
Assessment
Software security has major implications for the operations and
assets of organizations, as well as for the welfare of individuals.
To create secure software, developers must know where the dangers
lie. Secure programming in C can be more difficult than even many
experienced programmers believe.
This book is an essential desktop reference documenting the first
official release of The CERT® C Secure
Coding Standard. The standard itemizes those coding errors
that are the root causes of software vulnerabilities in C and
prioritizes them by severity, likelihood of exploitation, and
remediation costs. Each guideline provides examples of insecure
code as well as secure, alternative implementations. If uniformly
applied, these guidelines will eliminate the critical coding errors
that lead to buffer overflows, format string vulnerabilities,
integer overflow, and other common software
vulnerabilities.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.