Channels ▼

C++ Reading List

, May 28, 2013 The new C++11 standard has led to a flood of new books and updates to classics. These are the core books you need.
  • E-mail
  • Print

Secure Coding in C and C++, 2nd Edition

by Robert Seacord

This is the definitive work on writing secure code in C/C++. This new edition, which nearly doubles the size of the original 2005 work, illustrates how much we've learned in the interim about attacks on code. In fact, in reading through this book, one feels almost overwhelmed by the variety and imagination of attacks today. However, as the author capably explains, security is more than just the implementation of counter-techniques, but a mind-set that weaves security throughout the implementation. Only through such a consistent mindset, he argues, can the damage wrought by future attack methods be contained.

The book details numerous kinds of hacks and what can be done to prevent them or make them so difficult as to discourage the hacker. The explanations are remarkably well written and the code is clear. However, it requires a more-advanced formation than most books on programming: It needs the reader to have a fairly good idea of how C and C++ programs execute and what is happening at the machine level. Because the required information is not provided in the text, it's not possible to get the true value from the suggestions without having done this homework first.

For developers who can follow along and understand the inner workings of program execution, this book is not only an excellent guide, but a revelation. For example, Seacord's discussions of how attacks are enabled by doubly freeing an allocated chunk of memory highlights a feature of this simple coding error that might be completely overlooked if you were not a security expert. The explanation is illuminating.

The hands-on nature of this volume is exemplified by frequent recommendations of tools to use to verify code and lock down access mechanisms that crackers like to exploit. This is an excellent volume that will very definitely make you a more aware, and certainly better, programmer.






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.