Secure Coding in C and C++ (2nd Edition) (SEI Series in Software Engineering) Paperback – April 12, 2013

ISBN-13: 978-0321822130 ISBN-10: 0321822137 Edition: 2nd

Product Details

  • Series: SEI Series in Software Engineering
  • Paperback: 600 pages
  • Publisher: Addison-Wesley Professional; 2 edition (April 12, 2013)
  • Language: English
  • ISBN-10: 0321822137
  • ISBN-13: 978-0321822130
  • Product Dimensions: 7.2 x 1.2 x 9.2 inches
  • Shipping Weight: 2 pounds
  • Average Customer Review: 4.6 out of 5 stars (10 customer reviews)
  • Amazon Best Sellers Rank: #159,327 in Books

Editorial Reviews

About the Author

Robert C. Seacord is currently the Secure Coding Technical Manager in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI). He is the author or coauthor of five books, including The CERT® C Secure Coding Standard (Addison-Wesley, 2009), and is the author and instructor of a video training series, Professional C Programming LiveLessons, Part I: Writing Robust, Secure, Reliable Code (Addison-Wesley, 2013).

 


More About the Author

Robert C. Seacord is a computer scientist, computer security specialist, and writer. He is the author of books on computer security, legacy system modernization, and component-based software engineering. He has a bachelor's degree in computer science from Rensselaer Polytechnic Institute.

Robert C. Seacord manages the Secure Coding Initiative at CERT, located in Carnegie Mellon's Software Engineering Institute (SEI) in Pittsburgh, PA. CERT, among other security-related activities, regularly analyzes software vulnerability reports and assesses the risk to the Internet and other critical infrastructure. Robert is an adjunct professor in the Carnegie Mellon University School of Computer Science and in the Information Networking Institute.

Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System.

Customer Reviews

4.6 out of 5 stars

  • 5 star: 7
  • 4 star: 2
  • 3 star: 1
  • 2 star: 0
  • 1 star: 0

Most Helpful Customer Reviews

14 of 14 people found the following review helpful By mdub on October 10, 2013
Format: Paperback
As a C++ application developer, this book is simply not what I expected. Most of the security issues surround the use of C API and C-style programming. The C++ parts are skimpy and often presented as safer alternatives.

Still, there is a lot of interesting stuff here. I like that each chapter goes into a lot of detail explaining how things work (stack, heap, file systems, etc.) before the security holes are presented. On the other hand, the chapter on threads includes little more than an explanation of how threads work and synchronize.

Overall great for C programmers, but not really for those that already embrace the C++ programming style (std::string, RAII/smart ptrs, iostreams, boost thread/filesystem, etc.).
5 of 5 people found the following review helpful By Michael on May 12, 2013
Format: Paperback
This is a great book that should be required reading for anyone interested in learning how to exploit vulnerable code and secure their C and C++ programs. This book covers a variety of topics going in depth on how to exploit vulnerable programs, describing important case studies, and securing code. Seacord provides excellent explanations for how and why C and C++ programs are so easily vulnerable to attack as well as the solutions to these vulnerabilities.

A new C/C++ programmer might find the field of hacking, bug fixes, and computer security to be quite intimidating. Writing code that is secure against security exploits can be quite difficult because of the seemingly unlimited number of ways an attacker can exploit code. Seacord's new book is exceptional because of the thoroughness with which the book covers all topics including security holes, history, and consequences of being attacked.

While reading through this book, one point that surprised me was that even perfectly reasonable code can be easily exploitable code when seen through the eyes of a malicious attacker. Many of these problems occur because of the way in which C is designed, trusting the coder to make the correct decisions in favor of fast performance. Unfortunately, new programmers cannot know what the correct decision is unless they have studied the problem of attacking and securing code. This book is great material for anyone who wants to learn how to see code through the eyes of an attacker and also to defend against malicious code. This book should definitely be required reading for anyone interested in securing their C code as well as learning how attackers exploit code.
7 of 8 people found the following review helpful By Ben Rothke on May 7, 2013
Format: Paperback
Behind nearly every security vulnerability is poorly written or insecure code. Fix the code and a majority of the security vulnerabilities go away.

In the just released 2nd edition of Secure Coding in C and C++, author Robert Seacord of CERT has created an invaluable resource for developers.

Research from OWASP and CERT shows that a lion's share of core vulnerabilities can be found in a small number of root causes. In the book, Seacord tackles those root causes.

Like a good programmer, the book is methodical and details all of the core areas which can lead to security vulnerabilities. The book shows how they are exploited and how they can be fixed.

The average C programmer knows about buffer overflows, authentication, format strings and more. But if they don't know how to write secure code, they will invariably write insecure code.

Aside from the inherent security and privacy benefits, there are significant cost savings to writing secure code.

For anyone who codes in C or C++, Secure Coding in C and C++ should be required reading.
3 of 3 people found the following review helpful By Michael Reeves on October 8, 2013
Format: Paperback Verified Purchase
This is an excellent text offering an overview of all the various ways that programmers leave holes in their software that malicious hackers (Black Hat Hackers) can use to attack software. The simple examples demonstrate how a malicious hacker would write code to attack your system, and infiltrate your systems to gather information for criminal activity or use.

The author includes suggestions and examples of how to avoid programming these types of vulnerabilities into your software projects.

In today's age, more often than not, fixing "bugs" in programs is based on the business model of a Return-On-Investment (ROI). As a result, coding vulnerabilities are often left in place to avoid the expense and time required to track issues, re-code, and test the software.

Unfortunately, after reading this text, I realize that the problems didn't start with the business model, but with how programmers are trained. Beginning students of programming are not made aware of the concerns presented in this text, and how to correct for them until much later, IF at all, in their training.

As a result, students will form bad habits in their coding paradigm that this text addresses.

This text or similar needs to be a mandate for beginning programmers. I, certainly, wish that my professors and mentors had brought the topics contained in this book to my attention as a beginning student in the field.

This text has a permanent place in my library.

Respectfully,

MJR
1 of 1 people found the following review helpful By Anonymous Customer on August 29, 2013
Format: Paperback Verified Purchase
This is a good start into thinking more securely as a programmer. I think it's important knowledge if you regularly program in C/C++. Everyone who's used the language knows that "pointers can get you into trouble," but knowing exactly what can be used against your lack of oversight is a much more concrete motivation to pay attention. If you're one of those punk kids who always wants to know why you follow proper practices, read it. These languages give you freedom under the assumption you know what you're doing, and this book definitely helps.

That said, I think while its initial impact is significant, its value drops significantly after the first read, as its lessons are more philosophical than a reference. Unless you're loaning it out to punk kids you work with who need to stop recklessly managing memory. If you or someone you know thinks C is anything but a cold harsh mistress with no more attachment to you than your goldfish, this book is probably for you.

An intermediate knowledge of a C language is necessary, although I'd say memory of irresponsible design decisions helps reinforce the material better.