"I'm an enthusiastic supporter of the CERT Secure Coding Initiative. Programmers have lots of sources of advice on correctness, clarity, maintainability, performance, and even safety. Advice on how specific language features affect security has been missing. The CERT® C Secure Coding Standard fills this need." -Randy Meyers, Chairman of ANSI C

"For years we have relied upon the CERT/CC to publish advisories documenting an endless stream of security problems. Now CERT has embodied the advice of leading technical experts to give programmers and managers the practical guidance needed to avoid those problems in new applications and to help secure legacy systems. Well done!" -Dr. Thomas Plum, founder of Plum Hall, Inc.

"Connectivity has sharply increased the need for secure, hacker-safe applications. By combining this CERT standard with other safety guidelines, customers gain all-round protection and approach the goal of zero-defect software." -Chris Tapp, Field Applications Engineer, LDRA Ltd.

"I've found this standard to be an indispensable collection of expert information on exactly how modern software systems fail in practice. It is the perfect place to start for establishing internal secure coding guidelines. You won't find this information elsewhere, and, when it comes to software security, what you don't know is often exactly what hurts you." -John McDonald, coauthor of The Art of Software Security Assessment

Software security has major implications for the operations and assets of organizations, as well as for the welfare of individuals. To create secure software, developers must know where the dangers lie. Secure programming in C can be more difficult than even many experienced programmers believe. This book is an essential desktop reference documenting the first official release of The CERT® C Secure Coding Standard.
The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer overflow, and other common software vulnerabilities.
The information in the "Summary" section may refer to different editions of this title.
Book description Prentice Hall. Book condition: New. Brand New. Bookseller inventory number: 0321563212
Book description Book condition: New. Bookseller inventory number: 5650819-n
Book description Addison-Wesley Professional, 2008. Paperback. Book condition: New. 1. Bookseller inventory number: DADAX0321563212
Book description Addison-Wesley Professional, 2008. Paperback. Book condition: New. Bookseller inventory number: 0321563212
Book description Addison-Wesley Professional, 2008. Book condition: New. Brand new! Please provide a physical shipping address. Bookseller inventory number: 9780321563217
Book description Addison-Wesley Professional, 2008. Paperback. Book condition: Brand New. 1st edition. 720 pages. 9.00x7.00x1.50 inches. In Stock. Bookseller inventory number: zk0321563212
Book description Addison-Wesley Professional, 2008. Book condition: New. Brand New, Unread Copy in Perfect Condition. A+ Customer Service! Summary:
Preface xvii
Acknowledgments xxxi
About the Author xxxiii
Chapter 1: Using This Standard 1
System Qualities 1
Automatically Generated Code 2
Compliance 3
Chapter 2: Preprocessor (PRE) 5
PRE00-C. Prefer inline or static functions to function-like macros 6
PRE01-C. Use parentheses within macros around parameter names 11
PRE02-C. Macro replacement lists should be parenthesized 13
PRE03-C. Prefer type definitions to defines for encoding types 15
PRE04-C. Do not reuse a standard header file name 16
PRE05-C. Understand macro replacement when concatenating tokens or performing stringification 18
PRE06-C. Enclose header files in an inclusion guard 21
PRE07-C. Avoid using repeated question marks 22
PRE08-C. Guarantee that header file names are unique 24
PRE09-C. Do not replace secure functions with less secure functions 26
PRE10-C. Wrap multistatement macros in a do-while loop 27
PRE30-C. Do not create a universal character name through concatenation 29
PRE31-C. Never invoke an unsafe macro with arguments containing assignment, increment, decrement, volatile access, or function call 30
Chapter 3: Declarations and Initialization (DCL) 33
DCL00-C. const-qualify immutable objects 35
DCL01-C. Do not reuse variable names in subscopes 36
DCL02-C. Use visually distinct identifiers 38
DCL03-C. Use a static assertion to test the value of a constant expression 39
DCL04-C. Do not declare more than one variable per declaration 42
DCL05-C. Use type definitions to improve code readability 44
DCL06-C. Use meaningful symbolic constants to represent literal values in program logic 45
DCL07-C. Include the appropriate type information in function declarators 51
DCL08-C. Properly encode relationships in constant definitions 54
DCL09-C. Declare functions that return an errno error code with a return type of errno_t 57
DCL10-C. Maintain the contract between the writer and caller of variadic functions 59
DCL11-C. Understand the type issues associated with variadic functions 62
DCL12-C. Implement abstract data types using opaque types 64
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const 66
DCL14-C. Do not make assumptions about the order of global variable initialization across translation units
Bookseller inventory number: ABE_book_new_0321563212
Book description Addison-Wesley Professional, 2008. Paperback. Book condition: New. Bookseller inventory number: P110321563212
Book description Addison-Wesley Professional. PAPERBACK. Book condition: New. 0321563212 New Condition. Bookseller inventory number: NEW4.0149740
Book description Book condition: Brand New. Bookseller inventory number: 97803215632171.0