AnyBook4Less.com | Order from a Major Online Bookstore |
Title: Secure Programming Cookbook for C and C++ by John Viega, Matt Messier
ISBN: 0-596-00394-3
Publisher: O'Reilly & Associates
Pub. Date: 14 July, 2003
Format: Paperback
Volumes: 1
List Price(USD): $49.95
Average Customer Rating: 4.45 (11 reviews)
Rating: 3
Summary: A task-oriented reference guide
Comment: This well-written book covers a lot of topics that I have not read in other books.
Its strengths include:
--Good coverage of cryptography programming
--Task-oriented solutions to specific programming problems
--Easy to navigate "cookbook" style ("with recipes" as the authors call them)
However, some areas of improvement might be:
--Could use more coverage of important subjects (buffer overflows, etc.)
--Spends a lot of space on narrower examples (like explaining certain APIs that are documented well online)
--Sometimes jumps into material without much background explanation (which was confusing for me)
It is probably not the first book you should read on the subject. This is more of a recipe guide that is useful if you get stuck on coding a particular topic that happens to be covered. The authors have done a good job of explaining what coverage they do and don't include.
Rating: 5
Summary: An author's perspective
Comment: I thought I'd offer some insight on this book, particularly in light of a recently posted bad review that makes a bunch of criticisms that are quite wrong (I am pretty sure the review is due to a personal grudge held by someone who hasn't even read the book).
First, the goal of this book is to be a reference people can use to find solutions for "doing it right", not an elementary text on secure coding principles that gives a bunch of high-level advice that's still difficult to apply securely in practice. Security-relevant design and architecture principles are followed and discussed, but there's definitely a stated assumption that you have read a more elementary book such as "Building Secure Software", "Writing Secure Code" or the free "Secure Programming for Linux and UNIX HOWTO".
Second, the book covers all common security problems one sees in C and C++ programs, going so deep as to give working code and in-depth discussions. It spends hundreds of pages on how to implement and integrate cryptography into applications securely, a topic that is almost completely ignored in the elementary books (and even ignored in most crypto books, which teach building blocks, more than how to use them securely).
Many security problems that affect programs are largely language independent. We give C++-specific code in the few cases where there are C++-specific issues. But, for the most part, problems apply equally to C and C++. In those cases, the code is written in a subset of C that will work directly in C++ programs, but we don't take advantage of C++-specific features. To do so would result in a book nearly 1500 pages long!
All topics are covered for both Microsoft and Unix platforms (much of the code is cross-platform, and was tested on both). There are a couple of instances where a problem or solution doesn't apply to a particular platform. For example, "shatter" attacks are Windows specific, and the jail() protection mechanism works only on FreeBSD, not Windows. We have no platform bias, and even had the leading Windows secure programming expert from Microsoft review things.
This book gives detailed solutions for secure programming in a level of detail that no other book yet does, covering many topics that other books completely ignore.
Rating: 5
Summary: Great book for anyone using C
Comment: This is simply a great book for anyone using C or C++.
These guys literally wrote the book on secure code.
Read it!
Title: Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. Van Wyk
ISBN: 0596002424
Publisher: O'Reilly & Associates
Pub. Date: July, 2003
List Price(USD): $29.95

Title: Writing Secure Code, Second Edition by Michael Howard, David C. LeBlanc
ISBN: 0735617228
Publisher: Microsoft Press
Pub. Date: 04 December, 2002
List Price(USD): $49.99

Title: Practical Cryptography by Niels Ferguson, Bruce Schneier
ISBN: 0471223573
Publisher: John Wiley & Sons
Pub. Date: 28 March, 2003
List Price(USD): $50.00

Title: Network Security with OpenSSL by John Viega, Matt Messier, Pravir Chandra
ISBN: 059600270X
Publisher: O'Reilly & Associates
Pub. Date: 15 June, 2002
List Price(USD): $39.95

Title: Building Secure Software: How to Avoid Security Problems the Right Way by John Viega, Gary McGraw
ISBN: 020172152X
Publisher: Addison-Wesley Pub Co
Pub. Date: 24 September, 2001
List Price(USD): $54.99