Secure Coding in C and C++

Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This book provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The book concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. It does not emphasize security issues involving interactions with external systems such as databases and web servers, as these are rich topics on their own. The intent is that this book be useful to anyone involved in developing secure C and C++ programs regardless of the specific application.

Key topics include:

• String management
• Pointer subterfuge
• Dynamic memory management
• Integral security
• Formatted output
• File I/O

About the Author
Robert Seacord began programming (professionally) for IBM in 1982 and has been programming in C since 1985, and in C++ since 1992. Robert is currently a Senior Vulnerability Analyst with the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI). As a member of the Vulnerability Analysis Team, Robert works with other CERT team members to analyze software vulnerability reports and assess the risk to the Internet and other critical infrastructures, identify underlying causes of vulnerabilities, and develop coding practices to improve the security of software systems. more...