The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2/e (Paperback)
Robert C. Seacord
- Publisher: Prentice Hall
- Publication date: 2014-04-14
- List price: $1,800
- Sale price: 5% off, $1,710
- Language: English
- Pages: 576
- Binding: Paperback
- ISBN: 0321984048
- ISBN-13: 9780321984043
- Related categories: C programming language
Product description
“At Cisco, we have adopted the CERT C Coding Standard as the internal secure coding standard for all C developers. It is a core component of our secure development lifecycle. The coding standard described in this book breaks down complex software security topics into easy-to-follow rules with excellent real-world examples. It is an essential reference for any developer who wishes to write secure and resilient software in C and C++.”
—Edward D. Paradise, vice president, engineering, threat response, intelligence, and development, Cisco Systems
Secure programming in C can be more difficult than even many experienced programmers realize. To help programmers write more secure code, The CERT® C Coding Standard, Second Edition, fully documents the second official release of the CERT standard for secure coding in C. The rules laid forth in this new edition will help ensure that programmers’ code fully complies with the new C11 standard; it also addresses earlier versions, including C99.
The new standard itemizes those coding errors that are the root causes of current software vulnerabilities in C, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each of the text’s 98 guidelines includes examples of insecure code as well as secure, C11-conforming, alternative implementations. If uniformly applied, these guidelines will eliminate critical coding errors that lead to buffer overflows, format-string vulnerabilities, integer overflow, and other common vulnerabilities.
This book reflects numerous experts’ contributions to the open development and review of the rules and recommendations that comprise this standard.
Coverage includes
- Preprocessor
- Declarations and Initialization
- Expressions
- Integers
- Floating Point
- Arrays
- Characters and Strings
- Memory Management
- Input/Output
- Environment
- Signals
- Error Handling
- Concurrency
- Miscellaneous Issues