Secure Coding in C and C++ (txt, chm, pdf, epub, mobi download)

Author: Robert C. Seacord
Publisher: China Machine Press (机械工业出版社)
Original title: Secure Coding in C and C++
Publication date: 2013-6
Pages: 569
Price: 89.00
ISBN: 9787111428046

Synopsis

Commonly exploited software vulnerabilities are usually caused by software defects that could have been avoided. By analyzing tens of thousands of vulnerability reports since 1988, CERT has determined that a small number of causes account for the vast majority of vulnerabilities. Secure Coding in C and C++ (English edition, 2nd edition) identifies and explains these causes and shows what measures can be taken to prevent them from being exploited. In addition, the book encourages programmers to adopt security best practices and to develop a security mindset, so that software is protected not only from today's attacks but also from future ones. Drawing on CERT's reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security vulnerabilities, shows how they are exploited, examines their potential consequences, and presents secure alternatives.

Main contents of this book

Improve the overall security of any C or C++ application
Thwart buffer overflow, stack overflow, and return-oriented programming attacks that exploit insecure string manipulation logic
Avoid vulnerabilities and security flaws caused by incorrect use of dynamic memory management functions
Eliminate ... caused by signed integer overflow...

About the author

Robert C. Seacord is currently the Secure Coding Technical Manager in the CERT Program at Carnegie Mellon University's Software Engineering Institute (SEI). He is the author or coauthor of five books, including The CERT C Secure Coding Standard (Addison-Wesley, 2009), and he is the author and instructor of the video training series "Professional C Programming LiveLessons, Part I: Writing Robust, Secure, Reliable Code" (Addison-Wesley, 2013).

Table of contents

Secure Coding in C and C++ (English edition, 2nd edition)

Foreword
Preface
Acknowledgments
About the Author

Chapter 1 Running with Scissors
1.1 Gauging the Threat
1.2 Security Concepts
1.3 C and C++
1.4 Development Platforms
1.5 Summary
1.6 Further Reading

Chapter 2 Strings
2.1 Character Strings
2.2 Common String Manipulation Errors
2.3 String Vulnerabilities and Exploits
2.4 Mitigation Strategies for Strings
2.5 String-Handling Functions
2.6 Runtime Protection Strategies
2.7 Notable Vulnerabilities
2.8 Summary
2.9 Further Reading

Chapter 3 Pointer Subterfuge
3.1 Data Locations
3.2 Function Pointers
3.3 Object Pointers
3.4 Modifying the Instruction Pointer
3.5 Global Offset Table
3.6 The .dtors Section
3.7 Virtual Pointers
3.8 The atexit() and on_exit() Functions
3.9 The longjmp() Function
3.10 Exception Handling
3.11 Mitigation Strategies
3.12 Summary
3.13 Further Reading

Chapter 4 Dynamic Memory Management
4.1 C Memory Management
4.2 Common C Memory Management Errors
4.3 C++ Dynamic Memory Management
4.4 Common C++ Memory Management Errors
4.5 Memory Managers
4.6 Doug Lea's Memory Allocator
4.7 Double-Free Vulnerabilities
4.8 Mitigation Strategies
4.9 Notable Vulnerabilities
4.10 Summary

Chapter 5 Integer Security
5.1 Introduction to Integer Security
5.2 Integer Data Types
5.3 Integer Conversions
5.4 Integer Operations
5.5 Integer Vulnerabilities
5.6 Mitigation Strategies
5.7 Summary

Chapter 6 Formatted Output
6.1 Variadic Functions
6.2 Formatted Output Functions
6.3 Exploiting Formatted Output Functions
6.4 Stack Randomization
6.5 Mitigation Strategies
6.6 Notable Vulnerabilities
6.7 Summary
6.8 Further Reading

Chapter 7 Concurrency
7.1 Multithreading
7.2 Parallelism
7.3 Performance Goals
7.4 Common Errors
7.5 Mitigation Strategies
7.6 Mitigation Pitfalls
7.7 Notable Vulnerabilities
7.8 Summary

Chapter 8 File I/O
8.1 File I/O Basics
8.2 File I/O Interfaces
8.3 Access Control
8.4 File Identification
8.5 Race Conditions
8.6 Mitigation Strategies
8.7 Summary

Chapter 9 Recommended Practices
9.1 The Security Development Lifecycle
9.2 Security Training
9.3 Requirements
9.4 Design
9.5 Implementation
9.6 Verification
9.7 Summary
9.8 Further Reading

References
Acronyms
Index
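Yet the writing is easy to understand
Approaches the subject from a completely new angle
I think it's pretty good
Now I finally have a chance to read this book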