Secure Programming Cookbook for C and C++ and over one million other books are available for Amazon Kindle. Learn more
Qty:1
  • List Price: $74.99
  • Save: $9.07 (12%)
In Stock.
Ships from and sold by Amazon.com.
Gift-wrap available.
Secure Programming Cookbo... has been added to your Cart
Condition: Used: Good
Comment: This is a used text in good condition. It may have some writing and highlighting. Ships directly from Amazon. All Supplemental discs, materials, or access codes should be included. Eligible for free super saver shipping.
Access codes and supplements are not guaranteed with used items.
Sell yours for a Gift Card
We'll buy it for $8.04
Learn More
Trade in now
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More Paperback – July 21, 2003

ISBN-13: 063-6920003946 ISBN-10: 0596003943 Edition: 1st

Buy New
Price: $65.92
30 New from $41.72 26 Used from $18.50
Amazon Price New from Used from
Kindle
"Please retry"
Paperback
"Please retry"
$65.92
$41.72 $18.50
Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student


Hero Quick Promo
Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now

Frequently Bought Together

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More + Network Security with OpenSSL + Implementing SSL / TLS Using Cryptography and PKI
Price for all three: $137.09

Buy the selected items together

Editorial Reviews

Review

"This is a book that's long overdue and makes for an interesting and deeply technical read on a topic that we should all core about more. Yes, it's limited to C and C++ readers, but with the majority of key applications being written in these languages that's where the biggest benefit can be had - give the sample chapter a read, and you'll soon be on your way to the books store to buy the rest of it." "A powerful and initially somewhat scary book that will quickly get you thinking about security while you program - as opposed to as an afterthought." - Paul Hudson, LinuxFormat, Christmas 03 - Rating 10/10 - Top Stuff Award

About the Author

John Viega, Founder and Chief Scientist of Secure Software (www.securesoftware.com), is a well-known security expert, and coauthor of Building Secure Software (Addison-Wesley) and Network Security with OpenSSL (O'Reilly). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and M.S. in Computer Science from the University of Virginia. Mr. Viega is also an Adjunct Professor of Computer Science at Virginia Tech (Blacksburg, VA) and a Senior Policy Researcher at the Cyberspace Policy Institute, and he serves on the Technical Advisory Board for the Open Web Applications Security Project. He also founded a Washington, D.C. area security interest group that conducts monthly lectures presented by leading experts in the field. He is the author or coauthor of nearly 80 technical publications, including numerous refereed research papers and trade articles.

Matt Messier, Director of Engineering at Secure Software, is a security authority who has been programming for nearly two decades. Besides coauthoring Network Security with OpenSSL, Matt coauthored the Safe C String Library, RATS, and EGADS, an Entropy Gathering and Distribution System used for securely seeding pseudo-random number generators. Prior to joining Secure Software, Matt worked for IBM and Lotus, on source and assembly level debugging techniques, and operating system concepts.

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 792 pages
  • Publisher: O'Reilly Media; 1 edition (July 24, 2003)
  • Language: English
  • ISBN-10: 0596003943
  • ISBN-13: 978-0596003944
  • Product Dimensions: 7 x 1.5 x 9.2 inches
  • Shipping Weight: 2.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.2 out of 5 stars  See all reviews (12 customer reviews)
  • Amazon Best Sellers Rank: #278,283 in Books (See Top 100 in Books)

More About the Author

John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.

John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture Fame) convinced him to make a career in technology.


Customer Reviews

If you develop software, any kind of software, you need this book.
Brian Wotring
I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.
"lucincia"
If you want to code from scratch, his book is a good starting point.
W Boudville

Most Helpful Customer Reviews

16 of 17 people found the following review helpful By "lucincia" on October 16, 2003
Format: Paperback
To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.
But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.
As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my projects.
This book is one reference that I will be going back over and over again. The authors and editors have done a wonderful job to make the reading flow nice and easy. It is also very well laid out by stating the problem you may encounter, followed by a solution and then detailed discussion section with code samples.
For any C/C++ programmer making software to be used by more than one person, this reference book is a must.
You can still read the Acknowledgments and marvel at my name on there, of course.
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
17 of 19 people found the following review helpful By W Boudville HALL OF FAMETOP 1000 REVIEWERVINE VOICE on August 17, 2003
Format: Paperback
If you are interested in encryption, you should probably get Bruce Schneier's Applied Cryptography, which is generally considered the standard summary of the field. But suppose you actually want to use some of the symmetric key or public key methods he describes? If you want to code from scratch, his book is a good starting point. But if you want to quickly avail yourself of the best existing methods and you don't want to reinvent the wheel by recoding? Also, it can be risky to do that. A mistake made in coding a crypto algorithm might render it insecure. Better to use reviewed, tested code.
If this describes your needs and you code in C or C++, then this book will be invaluable. Extensive code fragments that show how you can interface to existing crypto packages. Very detailed. You won't find theorems or any elegant maths here. No Chinese Remainder Theorem or Fermat's theorems. You have to already know or accept the theoretical underpinnings.
Given this, the book takes you into the nitty gritty of every major publicly available cryptosystem. With up to date assessments of their comparative strengths.
All of the above is aimed at application developers. The book also has sections for sysadmins of both unix and Microsoft operating systems, replete with suggestions on patching and good practice.
Don't be daunted by the book's heft. It is encyclopaedic in scope, and access is reasonably random access. The authors have striven to comprehensively span the field. You don't have to read from start to finish before you can commence using it.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
9 of 10 people found the following review helpful By Brian Wotring on August 8, 2003
Format: Paperback
If you develop software, any kind of software, you need this book.
The importance of understanding the security surrounding the development of software is finally being realized. This book provides a complete reference for the secure implementation of common operations that software developers often fail to do correctly.
One of the best things about this book is that it covers so many topics that are often left out of secure programming texts. It is in cookbook format which is really nice for quick reference as well as accommodating readers that have different levels of experience in this area. Both the problem and the solution are explained and real source code is provided leaving the reader with an understanding of the risks, and practical solutions that can be incorporated into their software projects.
The topics that impressed me most were: privilege separation, secure child process creation, executing external processes, safe file and string operations, random number generation, input validation, and the ways to safeguard against many types of attacks. There are also many good tips for safeguarding networked applications. For the more intensive apps, there is in-depth coverage of symmetric and public key crypto, key management, using OpenSSL, and dealing with X.509 certs (including validation techniques).
It's nice to see so much useful information related to secure software development packed into a single resource!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
7 of 8 people found the following review helpful By Dan B. on September 16, 2003
Format: Paperback
There are many books on how to write programs in C and C++, and many people learn to write programs from them. What few (if any) of them tell you is the safe way to develop programs. With the release of Secure Programming Cookbook there is now a wealth of knowledge on the subject in one handy tome.
The examples are clearly written and show clearly how the recipe will help in specific or general situations. There are a lot of solid discussion of input validation, environment handling, string handling, access controls, and cryptography. In fact there was more crypto discussion than I expected, but it's all very good and if not applicable today, hopefully it will be some day.
This book is jam packed with excellent examples and discussion of ways to prevent programs from doing bad, and most of the time unexpected or unplanned, things. The diligent C or C++ programmer should add this as yet another volume on the bookshelf tool chest that is next to their desk. Smart programmers will realize that having this book will only help them in the long run.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
This item: Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Price: $74.99 $65.92
Ships from and sold by Amazon.com