Secure Coding in C and C++ (English edition, 2nd edition)
foreword
preface
acknowledgments
about the author
chapter 1 running with scissors
1.1 gauging the threat
1.2 security concepts
1.3 c and c++
1.4 development platforms
1.5 summary
1.6 further reading
chapter 2 strings
2.1 character strings
2.2 common string manipulation errors
2.3 string vulnerabilities and exploits
2.4 mitigation strategies for strings
2.5 string-handling functions
2.6 runtime protection strategies
2.7 notable vulnerabilities
2.8 summary
2.9 further reading
chapter 3 pointer subterfuge
3.1 data locations
3.2 function pointers
3.3 object pointers
3.4 modifying the instruction pointer
3.5 global offset table
3.6 the .dtors section
3.7 virtual pointers
3.8 the atexit() and on_exit() functions
3.9 the longjmp() function
3.10 exception handling
3.11 mitigation strategies
3.12 summary
3.13 further reading
chapter 4 dynamic memory management
4.1 c memory management
4.2 common c memory management errors
4.3 c++ dynamic memory management
4.4 common c++ memory management errors
4.5 memory managers
4.6 doug lea's memory allocator
4.7 double-free vulnerabilities
4.8 mitigation strategies
4.9 notable vulnerabilities
4.10 summary
chapter 5 integer security
5.1 introduction to integer security
5.2 integer data types
5.3 integer conversions
5.4 integer operations
5.5 integer vulnerabilities
5.6 mitigation strategies
5.7 summary
chapter 6 formatted output
6.1 variadic functions
6.2 formatted output functions
6.3 exploiting formatted output functions
6.4 stack randomization
6.5 mitigation strategies
6.6 notable vulnerabilities
6.7 summary
6.8 further reading
chapter 7 concurrency
7.1 multithreading
7.2 parallelism
7.3 performance goals
7.4 common errors
7.5 mitigation strategies
7.6 mitigation pitfalls
7.7 notable vulnerabilities
7.8 summary
chapter 8 file i/o
8.1 file i/o basics
8.2 file i/o interfaces
8.3 access control
8.4 file identification
8.5 race conditions
8.6 mitigation strategies
8.7 summary
chapter 9 recommended practices
9.1 the security development lifecycle
9.2 security training
9.3 requirements
9.4 design
9.5 implementation
9.6 verification
9.7 summary
9.8 further reading
references
acronyms
index