The CERT C Secure Coding Standard (Paperback)
Provisional Chinese title: CERT C 安全編碼標準 (平裝本)

Robert C. Seacord


Product description

“I’m an enthusiastic supporter of the CERT Secure Coding Initiative. Programmers have lots of sources of advice on correctness, clarity, maintainability, performance, and even safety. Advice on how specific language features affect security has been missing. The CERT® C Secure Coding Standard fills this need.”

—Randy Meyers, Chairman of ANSI C


“For years we have relied upon the CERT/CC to publish advisories documenting an endless stream of security problems. Now CERT has embodied the advice of leading technical experts to give programmers and managers the practical guidance needed to avoid those problems in new applications and to help secure legacy systems. Well done!”

—Dr. Thomas Plum, founder of Plum Hall, Inc.

“Connectivity has sharply increased the need for secure, hacker-safe applications. By combining this CERT standard with other safety guidelines, customers gain all-round protection and approach the goal of zero-defect software.”

—Chris Tapp, Field Applications Engineer, LDRA Ltd.

“I’ve found this standard to be an indispensable collection of expert information on exactly how modern software systems fail in practice. It is the perfect place to start for establishing internal secure coding guidelines. You won’t find this information elsewhere, and, when it comes to software security, what you don’t know is often exactly what hurts you.”

—John McDonald, coauthor of The Art of Software Security Assessment


Software security has major implications for the operations and assets of organizations, as well as for the welfare of individuals. To create secure software, developers must know where the dangers lie. Secure programming in C can be more difficult than even many experienced programmers believe.

This book is an essential desktop reference documenting the first official release of The CERT® C Secure Coding Standard. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer overflow, and other common software vulnerabilities.
