File Name: The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems (2nd Edition) (SEI Series in Software Engineering).pdf
“At Cisco, we have adopted the CERT C Coding Standard as the internal secure coding standard for all C developers. It is a core component of our secure development lifecycle. The coding standard described in this book breaks down complex software security topics into easy-to-follow rules with excellent real-world examples. It is an essential reference for any developer who wishes to write secure and resilient software in C and C++.”
—Edward D. Paradise, vice president, engineering, threat response, intelligence, and development, Cisco Systems
Secure programming in C can be more difficult than even many experienced programmers realize. To help programmers write more secure code, The CERT® C Coding Standard, Second Edition, fully documents the second official release of the CERT standard for secure coding in C. The rules laid forth in this new edition will help ensure that programmers’ code fully complies with the new C11 standard; it also addresses earlier versions, including C99.
The new standard itemizes those coding errors that are the root causes of current software vulnerabilities in C, prioritizing them by severity, likelihood of exploitation, and remediation costs. Each of the text’s 98 guidelines includes examples of insecure code as well as secure, C11-conforming, alternative implementations. If uniformly applied, these guidelines will eliminate critical coding errors that lead to buffer overflows, format-string vulnerabilities, integer overflow, and other common vulnerabilities.
This book reflects numerous experts’ contributions to the open development and review of the rules and recommendations that comprise this standard.
Finally I get this ebook, thanks for all these The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems (2nd Edition) (SEI Series in Software Engineering) I can get now!
I was suspicious at first when I got redirected to the membership site. Now I'm really excited I found this online library....many thanks Kisses
I did not think that this would work, my best friend showed me this website, and it does! I get my most wanted eBook
I found out about Playster in the New York times and I'm very happy about it: “One of the newest contenders in the crowded field, a company based in Montreal called Playster, offers music, games, TV shows, movies and e-books through its service. Playster recently struck a deal with HarperCollins to include 14,000 backlist books in its service.”
My friends are so mad that they do not know how I have all the high quality ebook which they do not!
I stumbled upon Playster 2 months ago. I've upgraded to a premium membership already. The platform now carries audiobooks from: Simon & Schuster, Macmillan, HarperCollins UK, Recorded Books, Tantor, and Highbridge. HarperCollins US titles are already in the library. Great service.
so many fake sites. this is the first one which worked! Many thanks
wtffff i do not understand this!
2 of 2 people found the following review helpful.
... for the right audience. Not all software has to be held to the same standards of rigor. Your car's anti-lock brakes and airbags, for example, can kill people if they don't work right. The same is not true of a CD player's audio decoder. Among personal electronics, you should have different expectations of your implanted pacemaker than of that $0.99 app you just downloaded.
This book is for the airbag and pacemaker crowd, not the music and games people. It's for the times when your software absolutely has to be right. And, frankly, the "proof of correctness" schemes I've seen just aren't good enough. For example, in two's-complement arithmetic (by far the most popular), a minus sign can cause integer overflow. You might expect that for a negative value of X, the value of (-X) would be positive - well, not always. There's that one special case where that's not true. (Was that case part of your theorem prover? If not, it's not a proof.) This book goes into that mouse-milking level of detail, shows examples of the errors, and shows examples of how to code past them using standardized C constructs.
If you thought that was a unique corner case - well, it is, but the world is a Koch Snowflake of corner cases. Some have destroyed space missions and killed cancer patients. When utter correctness matters, too many factors show it to be impossible for any software to meet that standard. All you can do is fight the demons you know, and this introduces you to a fair menagerie of them.
Perhaps you lived through "coding standard" wars of various kinds, mostly centered on how many spaces to indent, where to capitalize variable names, or when to use a verb in a function name. This isn't that kind of coding standard. It ignores typography completely and gets straight to right and wrong answers, and some ways to avoid being wrong.
Nothing can ensure your program's perfect correctness - the Halting Problem robbed us of that comforting certainty. Books like this, however, can help you avoid conspicuous problems. Examples range from high-level things like shared access to files, down to the nittiest cases of arithmetic weirdness (of which there are many). All of that gives this book a ponderous pace, exposing each of the maculae in excruciating detail, and presenting fixes that strain one's attention even more -
- until a billion-dollar space probe or a patient's life depends on getting it truly, absolutely right. That's when you'll absorb every line of this book and beg for more.
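The single corner case the reviewer above alludes to, negating INT_MIN on a two's-complement machine, is worth seeing in code. The following is an added example, not code from the book or from the reviewer: it shows the precondition-test style of fix (decide from the operands whether the result is representable, and never execute the overflowing operation) alongside the alternative of computing in a wider type and range-checking before narrowing. The function names (`safe_negate`, `safe_abs`, `negate_widened`, `safe_sub`, `agree_on`) and the sample inputs are this example's own constructions; it assumes `long long` is wider than `int`, as it is on mainstream platforms.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* In two's complement INT_MIN has no positive counterpart, so -x for
 * x == INT_MIN overflows. In C that is undefined behaviour rather than a
 * merely wrong answer: the compiler may assume it never happens and delete
 * any check written after the negation. The test must come first. */

/* Compliant negation: refuse the unrepresentable case instead of computing
 * it. Returns true on success and stores the result in *out. */
bool safe_negate(int x, int *out) {
    if (x == INT_MIN) {
        return false;               /* -INT_MIN does not fit in an int */
    }
    *out = -x;
    return true;
}

/* Absolute value has exactly the same single failing input. */
bool safe_abs(int x, int *out) {
    if (x == INT_MIN) {
        return false;
    }
    *out = (x < 0) ? -x : x;
    return true;
}

/* Alternative technique: do the arithmetic in a type where the result always
 * fits, then range-check before narrowing. Assumes long long is wider than
 * int (true on all mainstream platforms, not guaranteed by the standard). */
bool negate_widened(int x, int *out) {
    long long wide = -(long long)x;
    if (wide > INT_MAX || wide < INT_MIN) {
        return false;
    }
    *out = (int)wide;
    return true;
}

/* The same precondition-test pattern for subtraction: a - b is checked
 * for representability using only operations that cannot themselves
 * overflow (INT_MIN + b with b > 0, INT_MAX + b with b < 0). */
bool safe_sub(int a, int b, int *out) {
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b)) {
        return false;
    }
    *out = a - b;
    return true;
}

/* Self-check: both negation techniques must agree on every input. */
bool agree_on(int x) {
    int a = 0, b = 0;
    bool ok1 = safe_negate(x, &a);
    bool ok2 = negate_widened(x, &b);
    return ok1 == ok2 && (!ok1 || a == b);
}

int main(void) {
    /* Constructed sample inputs, ending with the one special case. */
    const int samples[] = { 7, -7, INT_MAX, INT_MIN + 1, INT_MIN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r;
        if (safe_negate(samples[i], &r)) {
            printf("-(%d) = %d\n", samples[i], r);
        } else {
            printf("-(%d) is not representable as int\n", samples[i]);
        }
    }
    return 0;
}
```

The point of returning a status rather than a sentinel value is that every value of `int` is a legitimate negation result for some input, so there is nothing in-band left to signal failure with; the caller has to handle the false branch, which is exactly the error-handling discipline the reviewers describe the book enforcing.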
0 of 0 people found the following review helpful.
It also makes for a great guide to efficient C++ and PIC programs
By Cameron O.
7 of 7 people found the following review helpful.
Don’t code in C without this invaluable reference
By Ben Rothke
For those interested in secure coding, Robert Seacord of CERT is one of the main sources on the topic. Some of the notable books he has authored are:
• Secure Coding in C and C++
• Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
• Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
• The CERT Oracle Secure Coding Standard for Java
Seacord’s latest is the CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.
The book covers all of the core areas that every C programmer needs to know, including:
• characters and strings
• floating point
• memory management
• declarations and initialization
• error handling
The rules in the book can be used in parallel to ensure code is C11 (ISO/IEC 9899:2011) compliant.
Each of the rules in the book has the same format: title, description, noncompliant code examples and compliant solutions.
Programmers who implement these coding standards will find short-term gains in that the coding mistakes that lead to critical application errors such as buffer overflows are now mitigated.
This book is meant as a desktop reference for those coding in C. If you have programmers coding in C, you want to ensure that this book is on their desktop.
The goal of the book and its rules is to develop safe, reliable, and secure systems. Anyone who wants to do that should definitely be reading CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems.
Certain content that appears on this Landing Page comes from Amazon Services LLC. This content is provided 'as is' and is subject to change or removal at any time.
This Landing Page serves the products as an Amazon Associate.
Product prices and availability are accurate and served realtime from Amazon Services. Any price and availability information displayed on Amazon.com at the time of purchase will apply to the purchase of this product.
We also record usage data such as the pages visited. This information is completely anonymous.
Any information we hold is secured in accordance with our internal security policy.
We do not sell any information about our customers; as simple as that. We will not forward your details on to any third party at any time.
DMCA Digital Millennium Copyright Act Notice (DMCA) If you believe that material available on our sites, infringes on your copyright(s), please notify us by providing a DMCA notice. Upon receipt of a complete and valid notice, we will remove the material and make a good faith attempt to contact the user who uploaded or embedded the material by email.
Your DMCA Notice may be forwarded to the party that made the material available or to third parties.
Our site is a personal review website. As such, before submitting a DMCA notice for material on which you own a copyright, it’s important to consider if the manner in which the material is used falls under fair use. If you are not sure material located on or linked to by our site infringes your copyright, you should consider first contacting an attorney. Please be advised that you may be liable for damages (including costs and attorneys’ fees) if you materially misrepresent that material or activity is infringing – and we have and will seek to collect those damages.
Send your complaint to our designated agent via email [email protected]
xpro1.info respects the intellectual property of others. If you believe that your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible on this site, you may notify our copyright agent, as set forth in the Digital Millennium Copyright Act of 1998 (DMCA). For your complaint to be valid under the DMCA, you must provide the following information when providing notice of the claimed copyright infringement:
* A physical or electronic signature of a person authorized to act on behalf of the copyright owner
* Identification of the copyrighted work claimed to have been infringed
* Identification of the material that is claimed to be infringing or to be the subject of the infringing activity and that is to be removed
* Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address
* A statement that the complaining party “in good faith believes that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law”
* A statement that the “information in the notification is accurate”, and “under penalty of perjury, the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed”
The above information must be submitted as a written, faxed or emailed notification to the following Designated Agent:
Attn: DMCA Office xpro1.info PSC 464 Box 20R, FPO AP 96522 [email protected]
WE CAUTION YOU THAT UNDER FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO HEAVY CIVIL PENALTIES. THESE INCLUDE MONETARY DAMAGES, COURT COSTS, AND ATTORNEYS’ FEES INCURRED BY US, BY ANY COPYRIGHT OWNER, OR BY ANY COPYRIGHT OWNER’S LICENSEE THAT IS INJURED AS A RESULT OF OUR RELYING UPON YOUR MISREPRESENTATION. YOU MAY ALSO BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY. This information should not be construed as legal advice, for further details on the information required for valid DMCA notifications, see 17 U.S.C. 512(c)(3).