Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

• How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems

• How to properly SSL-enable applications

• How to create secure channels for client-server communication without SSL

• How to integrate Public Key Infrastructure (PKI) into applications

• Best practices for using cryptography properly

• Techniques and strategies for properly validating input to programs

• How to launch programs securely

• How to use file access mechanisms properly

• Techniques for protecting applications from reverse engineering

The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 13 Ratings

A task-oriented reference guide - 2003-10-16
Reviewer Rating:
This well-written book covers a lot of topics that I have not read in other books.

Its strengths include:

--Good coverage of cryptography programming
--Task-oriented solutions to specific programming problems
--Easy to navigate "cookbook" style ("with recipes" as the authors call them)

However, some areas of improvement might be:

--Could use more coverage of important subjects (buffer overflows, etc.)
--spends a lot of space on narrower examples (like explaining certain APIs that are documented well online)
--Sometimes jumps into material without much background explanation (which was confusing for me)

It is probably not the first book you should read on the subject. This is more of a recipe guide that is useful if you get stuck on coding a particular topic that happens to be covered. The authors have done a good job of explaining what coverage they do and don't include.

Great book for anyone using C - 2003-10-31
Reviewer Rating:
This is simply a great book for anyone using C or C++.

These guys literally wrote the book on secure code.

Read it!

a good reference if you've really got to be secure - 2004-05-13
Reviewer Rating:
If you are not sure that you need this book, then you probably don't. But if there is something it the table of contents that you've got to know, and you've got to get it right, then this would be a good book to have. Chapter 12 on Anti-Tampering was a really enjoyable read, though probably a futile task.

Good developer reference - 2006-03-22
Reviewer Rating:
This is a well-written and example oriented book for C/C++ programmers that covers secure programming in all aspects. I had been using this book for last one year now and It helps me as a quick reference and also real source code demonstrating practical approaches that can be incorporated into their software projects.

The book needs a little update but still helps any aspiring C/C++ programmer involved with crypto.

Completely useless for PKI programming - 2010-01-26
Reviewer Rating:
The title "Secure Programming Cookbook" is more than a reach, but downright misleading. I bought this book fully expecting to find recipes for using OpenSSL's crypto library to generate CSRs, handle private CA functions such as create Digital ID Certificates, and other functions actually used in writing secure applications. What I found was the author spending more time talking about products and services offered by Verisign, and very little code whatsoever. There is some code for verifying a certificate, and downloading a revocation list, but sadly I've found more useful information reading OpenSSL's lackluster man pages than I have in this book. If you're looking for high level information about "how stuff works", or some simple command-line help, this book will suit you. If you're looking for content living up to the book's title - content that would actually help you implement things like PKI - you'll unfortunately come up short.

Browse Similar Topics

Top Level Categories:
Networking
Programming
Security

Sub-Categories:
Networking > Security
Programming > C
Programming > C++
Security > Networking
Networking > Public-Key Cryptography
Security > Operating Systems
Operating Systems > Linux
Operating Systems > Windows