Book description
“I’m an enthusiastic supporter of the CERT Secure
Coding Initiative. Programmers have lots of sources of advice on
correctness, clarity, maintainability, performance, and even
safety. Advice on how specific language features affect security
has been missing. The CERT® C Secure Coding
Standard fills this need.”
–Randy Meyers,
Chairman of ANSI C
“For years we have relied upon the CERT/CC to publish
advisories documenting an endless stream of security problems. Now
CERT has embodied the advice of leading technical experts to give
programmers and managers the practical guidance needed to avoid
those problems in new applications and to help secure legacy
systems. Well done!”
–Dr. Thomas Plum, founder of Plum Hall, Inc.
“Connectivity has sharply increased the need for secure,
hacker-safe applications. By combining this CERT standard with
other safety guidelines, customers gain all-round protection and
approach the goal of zero-defect software.”
–Chris Tapp, Field Applications Engineer, LDRA Ltd.
“I’ve found this standard to be an indispensable
collection of expert information on exactly how modern software
systems fail in practice. It is the perfect place to start for
establishing internal secure coding guidelines. You won’t
find this information elsewhere, and, when it comes to software
security, what you don’t know is often exactly what hurts
you.”
–John McDonald, coauthor of The Art of Software Security
Assessment
Software security has major implications for the operations and
assets of organizations, as well as for the welfare of individuals.
To create secure software, developers must know where the dangers
lie. Secure programming in C can be more difficult than even many
experienced programmers believe.
This book is an essential desktop reference documenting the first
official release of The CERT® C Secure
Coding Standard. The standard itemizes those coding errors
that are the root causes of software vulnerabilities in C and
prioritizes them by severity, likelihood of exploitation, and
remediation costs. Each guideline provides examples of insecure
code as well as secure, alternative implementations. If uniformly
applied, these guidelines will eliminate the critical coding errors
that lead to buffer overflows, format string vulnerabilities,
integer overflow, and other common software
vulnerabilities.
Table of contents
- Title Page
- Copyright Page
- Contents
- The SEI Series in Software Engineering
- Preface
- Acknowledgments
- About the Author
- Chapter 1. Using This Standard
- Chapter 2. Preprocessor (PRE)
- Chapter 3. Declarations and Initialization (DCL)
- Chapter 4. Expressions (EXP)
- Chapter 5. Integers (INT)
- Chapter 6. Floating Point (FLP)
- Chapter 7. Arrays (ARR)
- Chapter 8. Characters and Strings (STR)
- Chapter 9. Memory Management (MEM)
- Chapter 10. Input/Output (FIO)
- Chapter 11. Environment (ENV)
- Chapter 12. Signals (SIG)
- Chapter 13. Error Handling (ERR)
- Chapter 14. Miscellaneous (MSC)
- POSIX (POS)
- Glossary
- References
- Index
- Footnotes
Product information
- Title: The CERT® C Secure Coding Standard
- Author(s):
- Release date: October 2008
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780321603197
You might also like
book
The Web Application Hacker's Handbook, 2nd Edition
The highly successful security book returns with a new edition, completely updated Web applications are the …
book
The Linux Programming Interface
The Linux Programming Interface is the definitive guide to the Linux and UNIX programming interface—the interface …
book
Hands-On System Programming with Linux
Get up and running with system programming concepts in Linux Key Features Acquire insight on Linux …
book
Modern C
Modern C introduces you to modern day C programming, emphasizing the unique and new features of …
