Secure Coding in C and C++ (SEI Series in Software Engineering)
M**S
An excellent text on coding to create "hacker-proof" software...
This is an excellent text offering an overview of all the various ways that programmers leave holes in their software that malicious hackers (Black Hat Hackers) can use to attack software. The simple examples demonstrate how a malicious hacker would write code to attack your system, and infiltrate your systems to gather information for criminal activity or use. The author includes suggestions and examples of how to avoid programming these types of vulnerabilities into your software projects. In today's age, more often than not, fixing "bugs" in programs is based on the business model of a Return-On-Investment (ROI). As a result, coding vulnerabilities are often left in place to avoid the expense and time required to track issues, re-code, and test the software. Unfortunately, after reading this text, I realize that the problems didn't start with the business model, but with how programmers are trained. Beginning students of programming are not made aware of the concerns presented in this text, and how to correct for them until much later, IF at all, in their training. As a result, students will form bad habits in their coding paradigm that this text addresses. This text or similar needs to be a mandate for beginning programmers. I, certainly, wish that my professors and mentors had brought the topics contained in this book to my attention as a beginning student in the field. This text has a permanent place in my library. Respectfully, MJR
M**R
Suitable for All Backgrounds
You could probably read the book in about 2 - 4 days. The writing style is clean, concise, and straightforward. While there are code examples in C and C++, you could easily understand nearly everything the author says about security (if you have a programming background in general). What he says is spot on and combines a fair amount of software code security knowledge in one place. What is important is to be aware of several of these issues which could assist you in evaluating software, understanding some of the risks with software, and if you write code (even if it is in Java, C#, Ruby, PHP or whatever) to be aware of the consequences of certain code writing styles and choices.
A**R
Good Orientation on Secure Coding
This is a good start into thinking more securely as a programmer. I think it's important knowledge if you regularly program in C/C++. Everyone who's used the language knows that "pointers can get you into trouble," but knowing exactly what can be used against your lack of oversight is a much more concrete motivation to pay attention. If you're one of those punk kids who always wants to know why you follow proper practices, read it. These languages give you freedom under the assumption you know what you're doing, and this book definitely helps. That said, I think while its initial impact is significant, its value drops significantly after the first read, as its lessons are more philosophical than a reference. Unless you're loaning it out to punk kids you work with who need to stop recklessly managing memory. If you or someone you know thinks C is anything but a cold harsh mistress with no more attachment to you than your goldfish, this book is probably for you. An intermediate knowledge of a C language is necessary, although I'd say memory of irresponsible design decisions helps reinforce the material better.
A**S
Great Book
This book is great. It not only goes through how to program C and C++ securely but also discusses how to exploit conditions that occur when these guidelines aren't followed. You will need to know both languages because the book doesn't go into detail on the languages, but that is to be expected.
S**R
interesting things to be learnt from in here....
Must read, does some excellent coverage of some code constructs for security. Lots to learn in here.
M**N
The material about secure programming is fine, but I would like more of that and ...
I suspect that over half the material is background about aspects of programming. So much so that this book could almost serve as a reference to the C language and its libraries. The material about secure programming is fine, but I would like more of that and less of the other.
A**R
Good book about interesting things
Book completely meets all your requirements. I am really glad that I have this book in my collection now.
O**O
Recommended
Deep in language and security aspects. Good learning for practice of programming. More examples are needed to best understand. Have fun!
A**H
A Must-have for C/C++ Developers & Security Engineers
The most notable feature of the book is that it explains the language-specific background before explaining the security issue. This is very useful for people who are doing security reviews but aren't much experienced with the details of C/C++. Overall, you could use it as a reference to better understand (and therefore analyze) much of the vulnerable C/C++ code you may face.
K**H
Five Stars
A really good book on software security. It also covers C++11.
H**H
Five Stars
I like it
M**B
Mostly for C and Linux
Don't expect much C++ or Windows material here. The bulk of the book is dedicated to an explanation of buffer overflows using C-style programming (static arrays, raw pointers and Linux API), pointer and integer overflows too. A C++ programmer will find very little here since the language and programming style inherently avoids many of the pitfalls described. Also there are very few examples using Windows API.
L**R
Too much detail
Excruciating. Move on already!