|Title||:||Secure Coding in C and C++, 2/e by Robert C. Seacord (2014-07-31)|
|Format Type||:||Kindle Edition|
|Number of Pages||:||488 Pages|
|File Size||:||696 KB|
Secure Coding in C and C++, 2/e by Robert C. Seacord (2014-07-31) Reviews
The book aims to give an overview of programming errors that lead to possibly exploitable software defects. Some of these are errors you'd think only an amateur wouldn't avoid, other exploits are only possible due to complex combinations of compiler- or platform-specific behaviour and seemingly minor oversights. Each of the chapters is written by a different author, so they vary in quality and sometimes, as a programmer, you might be tempted to skip passages, because you just don't use the techniques described (good for you). But if you've got to review or refactor code you might come upon these techniques sooner or later, so it might be good to know about them anyway. Examples and code fragments are understandable; as some of the techniques used in exploiting software defects are quite advanced magic, it may sometimes be necessary to reread sections.
The author deals in great detail and very vividly with the traps that the C and C++ languages hold in store for programmers. Numerous examples illustrate problems such as "buffer overflow", "arc injection" or "integer security" - at least for the programmer. Highly recommended as a textbook and for self-study.
This is one of the few books that every C and C++ programmer should read. It shows detailed examples of the very undesirable sorts of things that attackers can force badly written code into unwittingly doing; it also explains how to create multiple layers of defense around the bad code that inevitably finds its way into real programs. The book is well written; I will concentrate here on the relatively minor defects. First: Many sections of the book are of necessity really, really boring. The chapter on integer security must set the record for most boring chapter ever written in a programming textbook. Fortunately, most of the boring parts can be skimmed over. For example, once you grok the basic idea of how an attacker can exploit a buffer overflow to overwrite the return address on the stack, you do not need to read the long discussion that shows in gory detail exactly how it is done. Second: Although the authors are clearly very knowledgeable in their area, the book contains an occasional strangely worded phrase (and in one case a piece of code that does not do what they state it does) that leads me to suspect that the authors perhaps might not have *written* lots of code themselves. Third: The discussion on the various tools and libraries that are available to mitigate security risks is useful, but strangely irrelevant. I have programmed on a lot of different projects in my life with a lot of different people, and I have met few, if any, people who actually use any of these tools and libraries. Further, the time that would be spent using the tools would in many cases be better spent by simply re-reading your code multiple times to find and remove the awful code that the tools are defending against and that no decent programmer should write in the first place. That being said, the book is well written and essential reading for C and C++ programmers.
This book has good knowledge once you get used to the writing style. The content is alright. But the editor has missed so many code bugs... I guess that's the code writer's fault but still, it's annoying. Good thing this is a higher level book or else beginners would have gotten frustrated. :P But yeah, this only gets three stars just for the fact that the content is just not incredible and the editing got to me.
Cons: this isn't the latest edition, so don't buy this one. Pros: very easy to read; relevant.
Covers how to write secure code in C++... and not just any ol' code. Could be thought of as a specialty topic but, if you are working on a system of any importance, writing the code to be secure from the outset ought to be part of the engineering design and programming effort.