Secure Coding in C and C++ (2nd Edition) Book Review
This book is not only solid in the technical coverage it gives, it also gives a great overview of security concerns, the history of how we got where we are, the types of threats and flaws that exist, who needs to be concerned, and what your role's responsibilities are in the security picture.
It is striking to see the data summarized in one place, and how disturbing that data is. The amount of money lost to security issues is staggering. After reading the first chapter you can't help but want to read the rest of the book.
This second edition of the book is not a small update. The first edition was 341 pages and the second edition is 569 pages. That is 228 more pages of new information added to existing chapters, plus a whole new Chapter 7 on concurrency. I have listed the chapters below.
Chapter 1. Running with Scissors
Chapter 2. Strings
Chapter 3. Pointer Subterfuge
Chapter 4. Dynamic Memory Management
Chapter 5. Integer Security
Chapter 6. Formatted Output
Chapter 7. Concurrency
Chapter 8. File I/O
Chapter 9. Recommended Practices
There is a lot of new material added on integer security, strings, and dynamic memory management. Every chapter goes into great detail.
The book is packed with code samples, summary tables, and diagrams that really help to clarify the topic at hand.
The book ends with an awesome chapter of recommended practices. The author covers the Security Development Lifecycle, Security Training, Requirements, Design, Implementation, and Verification (analysis, code audits, and testing). The chapter includes recommendations on secure coding standards, threat modeling, security quality requirements engineering, and much more.
The technical advice is thorough and explained in a way that makes for a very interesting read. In other words, the author has a great style of writing, which really helps with a topic like this. It is actually hard to put down. The threats the author uncovers just keep coming.
This is a must-read for C and C++ developers, but I would also recommend it for any programmer or architect working in any language.