Secure Coding in C and C++

This book contains the following chapters:

Chapter 1 provides an overview of the problem, introduces
                     security terms and concepts, and provides insight as
                     to why so many vulnerabilities are found in C and
                     C++ programs.
Chapter 2 describes string manipulation in C and C++,
                     common security flaws, and resulting vulnerabilities
                     including buffer overflow and stack smashing. Both
                     code and arc injection exploits are examined.   Chapter 3 introduces arbitrary memory write exploits that
                     allows an attacker to write a single address to any
                     location in memory. This chapter describes how
                     these exploits can be used to execute arbitrary
                     code on a compromised machine. Vulnerabilities
                     resulting from arbitrary memory writes are discussed
                     in later chapters.
Chapter 4 describes dynamic memory management.
                      Dynamically allocated buffer overflows, writing to
                      freed memory, and double-free vulnerabilities are
                      described.
Chapter 5 covers integral security issues (security issues dealing
                      with integers) including integer overflows, sign
                      errors, and truncation errors.
Chapter 6 describes the correct and incorrect use of
                     formatted output functions. Both format string and
                     buffer overflows vulnerabilities resulting from the
                     incorrect use of these functions are described.
Chapter 7 describes common vulnerabilities associated with file
                      I/O including race conditions and time of creation,
                      time of use (TOCTOU) vulnerabilities.
Chapter 8 recommends specific development practices for
                     improving the overall security of your C / C++
                     application. These recommendat the
                     recommendations included in each chapter for
                     addressing specific vulnerability classes.

    This book focuses on programming flaws in C and C++ that are the most common causes of software vulnerabilities. However, because of size and space constraints, not every potential source of vulnerabilities is covered.

Chapter 1. Running with Scissors.
Chapter 2. Strings.
Chapter 3. Pointer Subterfuge.
Chapter 4. Dynamic Memory Management.
Chapter 5. Integer Security.
Chapter 6. Formatted Output.
Chapter 7. File I/O.
Chapter 8. Recommended Practices.

Author Descriptions

Robert Seacord began programming for IBM in 1982 and has been programming in C since 1985, and in C++ since 1992. Robert is currently a Senior Vulnerability Analyst with the CERT/Coordination Center at the Software Engineering Institute (SEI). He is coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).