Buying Options
Secure Programming Cookbook for C and C++
Print $74.99
Add to Cart
Print+Ebook $82.49
Add to Cart
Ebook $59.99
(Mobi, PDF, ePub)
Add to Cart
Safari Books Online
Add to Cart
What is this?
Print £57.50
Add to Cart
What is this?

Secure Programming Cookbook for C and C++

Recipes for Cryptography, Authentication, Input Validation & More

By
John Viega, Matt Messier
Publisher:
O'Reilly Media
Released:
July 2003
Pages:
792
Description
Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code for Unix® (including Linux®) and Windows® environments. This essential code companion covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering.
Full Description
Table of Contents

  1. Chapter 1 Safe Initialization

    1. Sanitizing the Environment

    2. Restricting Privileges on Windows

    3. Dropping Privileges in setuid Programs

    4. Limiting Risk with Privilege Separation

    5. Managing File Descriptors Safely

    6. Creating a Child Process Securely

    7. Executing External Programs Securely

    8. Executing External Programs Securely

    9. Disabling Memory Dumps in the Event of a Crash

  2. Chapter 2 Access Control

    1. Understanding the Unix Access Control Model

    2. Understanding the Windows Access Control Model

    3. Determining Whether a User Has Access to a File on Unix

    4. Determining Whether a Directory Is Secure

    5. Erasing Files Securely

    6. Accessing File Information Securely

    7. Restricting Access Permissions for New Files on Unix

    8. Locking Files

    9. Synchronizing Resource Access Across Processes on Unix

    10. Synchronizing Resource Access Across Processes on Windows

    11. Creating Files for Temporary Use

    12. Restricting Filesystem Access on Unix

    13. Restricting Filesystem and Network Access on FreeBSD

  3. Chapter 3 Input Validation

    1. Understanding Basic Data Validation Techniques

    2. Preventing Attacks on Formatting Functions

    3. Preventing Buffer Overflows

    4. Using the SafeStr Library

    5. Preventing Integer Coercion and Wrap-Around Problems

    6. Using Environment Variables Securely

    7. Validating Filenames and Paths

    8. Evaluating URL Encodings

    9. Validating Email Addresses

    10. Preventing Cross-Site Scripting

    11. Preventing SQL Injection Attacks

    12. Detecting Illegal UTF-8 Characters

    13. Preventing File Descriptor Overflows When Using select( )

  4. Chapter 4 Symmetric Cryptography Fundamentals

    1. Representing Keys for Use in Cryptographic Algorithms

    2. Generating Random Symmetric Keys

    3. Representing Binary Keys (or Other Raw Data) as Hexadecimal

    4. Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary

    5. Performing Base64 Encoding

    6. Performing Base64 Decoding

    7. Representing Keys (or Other Binary Data) as English Text

    8. Converting Text Keys to Binary Keys

    9. Using Salts, Nonces, and Initialization Vectors

    10. Deriving Symmetric Keys from a Password

    11. Algorithmically Generating Symmetric Keys from One Base Secret

    12. Encrypting in a Single Reduced Character Set

    13. Managing Key Material Securely

    14. Timing Cryptographic Primitives

  5. Chapter 5 Symmetric Encryption

    1. Deciding Whether to Use Multiple Encryption Algorithms

    2. Figuring Out Which Encryption Algorithm Is Best

    3. Selecting an Appropriate Key Length

    4. Selecting a Cipher Mode

    5. Using a Raw Block Cipher

    6. Using a Generic CBC Mode Implementation

    7. Using a Generic CFB Mode Implementation

    8. Using a Generic OFB Mode Implementation

    9. Using a Generic CTR Mode Implementation

    10. Using CWC Mode

    11. Manually Adding and Checking Cipher Padding

    12. Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers)

    13. Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility)

    14. Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility)

    15. Performing File or Disk Encryption

    16. Using a High-Level, Error-Resistant Encryption and Decryption API

    17. Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL

    18. Using Variable Key-Length Ciphers in OpenSSL

    19. Disabling Cipher Padding in OpenSSL in CBC Mode

    20. Performing Additional Cipher Setup in OpenSSL

    21. Querying Cipher Configuration Properties in OpenSSL

    22. Performing Low-Level Encryption and Decryption with OpenSSL

    23. Setting Up and Using RC4

    24. Using One-Time Pads

    25. Using Symmetric Encryption with Microsoft's CryptoAPI

    26. Creating a CryptoAPI Key Object from Raw Key Data

    27. Extracting Raw Key Data from a CryptoAPI Key Object

  6. Chapter 6 Hashes and Message Authentication

    1. Understanding the Basics of Hashes and MACs

    2. Deciding Whether to Support Multiple Message Digests or MACs

    3. Choosing a Cryptographic Hash Algorithm

    4. Choosing a Message Authentication Code

    5. Incrementally Hashing Data

    6. Hashing a Single String

    7. Using a Cryptographic Hash

    8. Using a Nonce to Protect Against Birthday Attacks

    9. Checking Message Integrity

    10. Using HMAC

    11. Using OMAC (a Simple Block Cipher-Based MAC)

    12. Using HMAC or OMAC with a Nonce

    13. Using a MAC That's Reasonably Fast in Software and Hardware

    14. Using a MAC That's Optimized for Software Speed

    15. Constructing a Hash Function from a Block Cipher

    16. Using a Block Cipher to Build a Full-Strength Hash Function

    17. Using Smaller MAC Tags

    18. Making Encryption and Message Integrity Work Together

    19. Making Your Own MAC

    20. Encrypting with a Hash Function

    21. Securely Authenticating a MAC (Thwarting Capture Replay Attacks)

    22. Parallelizing MACs

  7. Chapter 7 Public Key Cryptography

    1. Determining When to Use Public Key Cryptography

    2. Selecting a Public Key Algorithm

    3. Selecting Public Key Sizes

    4. Manipulating Big Numbers

    5. Generating a Prime Number (Testing for Primality)

    6. Generating an RSA Key Pair

    7. Disentangling the Public and Private Keys in OpenSSL

    8. Converting Binary Strings to Integers for Use with RSA

    9. Converting Integers into Binary Strings for Use with RSA

    10. Performing Raw Encryption with an RSA Public Key

    11. Performing Raw Decryption Using an RSA Private Key

    12. Signing Data Using an RSA Private Key

    13. Verifying Signed Data Using an RSA Public Key

    14. Securely Signing and Encrypting with RSA

    15. Using the Digital Signature Algorithm (DSA)

    16. Representing Public Keys and Certificates in Binary (DER Encoding)

    17. Representing Keys and Certificates in Plaintext (PEM Encoding)

  8. Chapter 8 Authentication and Key Exchange

    1. Choosing an Authentication Method

    2. Getting User and Group Information on Unix

    3. Getting User and Group Information on Windows

    4. Restricting Access Based on Hostname or IP Address

    5. Generating Random Passwords and Passphrases

    6. Testing the Strength of Passwords

    7. Prompting for a Password

    8. Throttling Failed Authentication Attempts

    9. Performing Password-Based Authentication with crypt( )

    10. Performing Password-Based Authentication with MD5-MCF

    11. Performing Password-Based Authentication with PBKDF2

    12. Authenticating with PAM

    13. Authenticating with Kerberos

    14. Authenticating with HTTP Cookies

    15. Performing Password-Based Authentication and Key Exchange

    16. Performing Authenticated Key Exchange Using RSA

    17. Using Basic Diffie-Hellman Key Agreement

    18. Using Diffie-Hellman and DSA Together

    19. Minimizing the Window of Vulnerability When Authenticating Without a PKI

    20. Providing Forward Secrecy in a Symmetric System

    21. Ensuring Forward Secrecy in a Public Key System

    22. Confirming Requests via Email

  9. Chapter 9 Networking

    1. Creating an SSL Client

    2. Creating an SSL Server

    3. Using Session Caching to Make SSL Servers More Efficient

    4. Securing Web Communication on Windows Using the WinInet API

    5. Enabling SSL without Modifying Source Code

    6. Using Kerberos Encryption

    7. Performing Interprocess Communication Using Sockets

    8. Performing Authentication with Unix Domain Sockets

    9. Performing Session ID Management

    10. Securing Database Connections

    11. Using a Virtual Private Network to Secure Network Connections

    12. Building an Authenticated Secure Channel Without SSL

  10. Chapter 10 Public Key Infrastructure

    1. Understanding Public Key Infrastructure (PKI)

    2. Obtaining a Certificate

    3. Using Root Certificates

    4. Understanding X.509 Certificate Verification Methodology

    5. Performing X.509 Certificate Verification with OpenSSL

    6. Performing X.509 Certificate Verification with CryptoAPI

    7. Verifying an SSL Peer's Certificate

    8. Adding Hostname Checking to Certificate Verification

    9. Using a Whitelist to Verify Certificates

    10. Obtaining Certificate Revocation Lists with OpenSSL

    11. Obtaining CRLs with CryptoAPI

    12. Checking Revocation Status via OCSP with OpenSSL

  11. Chapter 11 Random Numbers

    1. Determining What Kind of Random Numbers to Use

    2. Using a Generic API for Randomness and Entropy

    3. Using the Standard Unix Randomness Infrastructure

    4. Using the Standard Windows Randomness Infrastructure

    5. Using an Application-Level Generator

    6. Reseeding a Pseudo-Random Number Generator

    7. Using an Entropy Gathering Daemon-Compatible Solution

    8. Getting Entropy or Pseudo-Randomness Using EGADS

    9. Using the OpenSSL Random Number API

    10. Getting Random Integers

    11. Getting a Random Integer in a Range

    12. Getting a Random Floating-Point Value with Uniform Distribution

    13. Getting Floating-Point Values with Nonuniform Distributions

    14. Getting a Random Printable ASCII String

    15. Shuffling Fairly

    16. Compressing Data with Entropy into a Fixed-Size Seed

    17. Getting Entropy at Startup

    18. Statistically Testing Random Numbers

    19. Performing Entropy Estimation and Management

    20. Gathering Entropy from the Keyboard

    21. Gathering Entropy from Mouse Events on Windows

    22. Gathering Entropy from Thread Timings

    23. Gathering Entropy from System State

  12. Chapter 12 Anti-Tampering

    1. Understanding the Problem of Software Protection

    2. Detecting Modification

    3. Obfuscating Code

    4. Performing Bit and Byte Obfuscation

    5. Performing Constant Transforms on Variables

    6. Merging Scalar Variables

    7. Splitting Variables

    8. Disguising Boolean Values

    9. Using Function Pointers

    10. Restructuring Arrays

    11. Hiding Strings

    12. Detecting Debuggers

    13. Detecting Unix Debuggers

    14. Detecting Windows Debuggers

    15. Detecting SoftICE

    16. Countering Disassembly

    17. Using Self-Modifying Code

  13. Chapter 13 Other Topics

    1. Performing Error Handling

    2. Erasing Data from Memory Securely

    3. Preventing Memory from Being Paged to Disk

    4. Using Variable Arguments Properly

    5. Performing Proper Signal Handling

    6. Protecting against Shatter Attacks on Windows

    7. Guarding Against Spawning Too Many Threads

    8. Guarding Against Creating Too Many Network Sockets

    9. Guarding Against Resource Starvation Attacks on Unix

    10. Guarding Against Resource Starvation Attacks on Windows

    11. Following Best Practices for Audit Logging

  1. Colophon

View Full Table of Contents
Product Details
Title:
Secure Programming Cookbook for C and C++
By:
John Viega, Matt Messier
Publisher:
O'Reilly Media
Formats:
  • Print
  • Ebook
  • Safari Books Online
Print Release:
July 2003
Ebook Release:
February 2009
Pages:
792
Print ISBN:
978-0-596-00394-4
| ISBN 10:
0-596-00394-3
Ebook ISBN:
978-0-596-10389-7
| ISBN 10:
0-596-10389-1
Customer Reviews
About the Authors

  1. John Viega

    John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

    View John Viega's full profile page.

  2. Matt Messier

    Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.

    View Matt Messier's full profile page.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Secure Programming Cookbook for C and C++ is a crested porcupine. Crested porcupines (Hystrix cristata) are the largest porcupines on earth. Adults can weigh as much as 50 pounds, and their average length is between 25 and 30 inches. They have been known to live over 20 years while in captivity.

The crested porcupine is covered with black bristly fur. But running down the top of its head and neck is a crest of white bristly hairs that give way to an array of black and white spines that cover the animal's back, sides, and short tail. The short spines on the tail are hollow, which makes them rattle when shaken.

Highly adaptable creatures, crested porcupines can live in forests, plantations, rocky or mountainous areas, as well as deserts. They are found in Italy, Sicily, and along the Mediterranean coast of Africa as far south as Tanzania and northern Congo. They they shelter in caves, rock crevices, aardvark holes, or burrows they dig themselves. These burrows are often extensive and can be used for many years.

Crested porcupines live in monogamous pairs and form family groups sharing complex burrows. They are nocturnal and forage at night, moving along tracks or roads. They will often travel up to nine miles per night in search of food. They primarily eat roots, bark, and fallen fruit, but have a fondness, too, for cultivated root crops such as cassava, potatoes, and carrots. Although they are vegetarians, porcupine burrows are often littered with bones. They gnaw on the bones to sharpen their incisor teeth and to obtain calcium.

At birth, crested porcupines weigh only three percent of their mother's weight. When born, the young porcupine's quills are white and soft, although they start to become hard within hours. Their eyes are open and incisors are already crowning shortly after birth. After only one week, their spines begin to harden and, although small, they leave the nest.

When threatened, the crested porcupine raises and fans its quills to create the illusion of greater size. The crested porcupine will then stamp its feet, click its teeth, and growl or hiss while vibrating specialized quills that produce a characteristic rattle. The "rattle quills" on the end of the tail are hollow and open at the end, thus producing the most noise. If an enemy persists, the porcupine runs backward until it rams its attacker. Such attacks have been known to kill lions, leopards, hyenas, and humans-- and these predators have often been found with porcupine quills lodged in their throats. New quills grow in to replace lost ones.

Porcupine quills have long been a favorite ornament and good luck charm in Africa. The hollow rattle quills serve as musical instruments and were once used as containers for gold dust. Darren Kelly was the production editor, and Leanne Soylemez was the copyeditor for Secure Programming Cookbook for C and C++. Derek Di Matteo, Reg Aubry, Claire Cloutier, and Jane Ellin provided quality control. John Bickelhaupt wrote the index. Jamie Peppard, Reg Aubry, Judy Hoer, and Mary Agner provided production support.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.

David Futato designed the interior layout. This book was converted by Joe Wizda to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra, which uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia Free-Hand 9 and Adobe Photoshop 6. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Darren Kelly.

  • Book cover of Secure Programming Cookbook for C and C++
Got a Question?
icons
Favicon Service and support by Satisfaction