Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More
- Autorzy:
- John Viega, Matt Messier
- Ocena:
- Bądź pierwszym, który oceni tę książkę
- Stron:
- 792
- Dostępne formaty:
-
ePubMobi
Opis ebooka: Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More
Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult.
Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:
- How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
- How to properly SSL-enable applications
- How to create secure channels for client-server communication without SSL
- How to integrate Public Key Infrastructure (PKI) into applications
- Best practices for using cryptography properly
- Techniques and strategies for properly validating input to programs
- How to launch programs securely
- How to use file access mechanisms properly
- Techniques for protecting applications from reverse engineering
Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.
Wybrane bestsellery
-
This book will help you understand key security principles and how they are implemented with Spring Security. You’ll also gain an in-depth understanding of Spring Security's new features applied to servlet and reactive Spring applications.
Spring Security. Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures - Fourth Edition Spring Security. Effectively secure your web apps, RESTful services, cloud apps, and microservice architectures - Fourth Edition
-
Unlock the power of C++ and enhance your algorithmic thinking with this course. From understanding basic operations to mastering complex structures, this course provides a structured pathway for new programmers. Start your coding journey today!
C++ and Algorithmic Thinking for the Complete Beginner. Learn to think like a programmer by mastering C++ and foundational algorithms from scratch C++ and Algorithmic Thinking for the Complete Beginner. Learn to think like a programmer by mastering C++ and foundational algorithms from scratch
-
Kiedy myślimy o takich aplikacjach jak Maya, VirtualBox, Telegram, Spotify, Dropbox czy Google Earth, być może nie od razu znajdujemy wspólny mianownik. A jest nim framework Qt, używany przez wszystkie te znane marki. Qt powstał z myślą o programowaniu interfejsów graficznych GUI, a ze względu na...
Framework Qt. Kurs video. Tworzenie interfejsów graficznych w C++ Framework Qt. Kurs video. Tworzenie interfejsów graficznych w C++
(67.05 zł najniższa cena z 30 dni)74.50 zł
149.00 zł(-50%) -
Dawno, dawno temu, w głębokich latach osiemdziesiątych ubiegłego wieku pewien duński informatyk zainspirowany językiem C opracował jeden z najważniejszych, najbardziej elastycznych i do dziś niezastąpionych języków programowania — C++. Dziś ten język jest wykorzystywany do tworzenia gier ko...
Opus magnum C++. Programowanie w języku C++. Wydanie III poprawione (komplet) Opus magnum C++. Programowanie w języku C++. Wydanie III poprawione (komplet)
(149.40 zł najniższa cena z 30 dni)149.40 zł
249.00 zł(-40%) -
C++ to jeden z najpopularniejszych i najpotężniejszych języków programowania. Stanowi punkt wyjścia dla wielu innych języków, które odziedziczyły po nim składnię i liczne możliwości, dzięki czemu można śmiało stwierdzić, że znajomość C++ otwiera drzwi do świata nowoczesnego programowania i jest p...
Opus magnum C++. Misja w nadprzestrzeń C++14/17. Tom 4. Wydanie II poprawione Opus magnum C++. Misja w nadprzestrzeń C++14/17. Tom 4. Wydanie II poprawione
(41.40 zł najniższa cena z 30 dni)41.40 zł
69.00 zł(-40%) -
This book is a fun introduction to the world of game programming, C++20, and the OpenGL-powered SFML using four fun, fully playable games of increasing difficulty and advancing features
Beginning C++ Game Programming. Learn C++ from scratch by building fun games - Third Edition Beginning C++ Game Programming. Learn C++ from scratch by building fun games - Third Edition
John Viega, Matt Messier - pozostałe książki
-
Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications...
Network Security with OpenSSL. Cryptography for Secure Communications Network Security with OpenSSL. Cryptography for Secure Communications
(106.38 zł najniższa cena z 30 dni)106.18 zł
139.00 zł(-24%) -
W książce Mity bezpieczeństwa IT. Czy na pewno nie masz się czego bać? znajdziesz niebanalne i kontrowersyjne informacje nie tylko na temat zabezpieczeń, ale także sposobów ich łamania, dzięki czemu zyskasz wiedzę, skąd może nadejść zagrożenie i w jaki sposób je rozpoznać. Dzięki temu podręczniko...
Mity bezpieczeństwa IT. Czy na pewno nie masz się czego bać? Mity bezpieczeństwa IT. Czy na pewno nie masz się czego bać?
(19.50 zł najniższa cena z 30 dni)19.50 zł
39.00 zł(-50%) -
If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for profes...
The Myths of Security. What the Computer Security Industry Doesn't Want You to Know The Myths of Security. What the Computer Security Industry Doesn't Want You to Know
(80.34 zł najniższa cena z 30 dni)80.24 zł
99.90 zł(-20%) -
Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, ...
Beautiful Security. Leading Security Experts Explain How They Think Beautiful Security. Leading Security Experts Explain How They Think
(105.42 zł najniższa cena z 30 dni)105.22 zł
139.00 zł(-24%)
Ebooka "Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More" przeczytasz na:
-
czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
-
systemach Windows, MacOS i innych
-
systemach Windows, Android, iOS, HarmonyOS
-
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi
Masz pytania? Zajrzyj do zakładki Pomoc »
Audiobooka "Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More" posłuchasz:
-
w aplikacji Ebookpoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych
-
na dowolnych urządzeniach i aplikacjach obsługujących format MP3 (pliki spakowane w ZIP)
Masz pytania? Zajrzyj do zakładki Pomoc »
Kurs Video "Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More" zobaczysz:
-
w aplikacjach Ebookpoint i Videopoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych z dostępem do najnowszej wersji Twojej przeglądarki internetowej
Szczegóły ebooka
- ISBN Ebooka:
- 978-05-965-5218-3, 9780596552183
- Data wydania ebooka:
- 2003-07-14 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
- Język publikacji:
- angielski
- Rozmiar pliku ePub:
- 1.6MB
- Rozmiar pliku Mobi:
- 5.4MB
Spis treści ebooka
- Secure Programming Cookbook for C and C++
- SPECIAL OFFER: Upgrade this ebook with OReilly
- A Note Regarding Supplemental Files
- Foreword
- Preface
- More Than Just a Book
- We Cant Do It All
- Organization of This Book
- Recipe Compatibility
- Conventions Used in This Book
- Comments and Questions
- Acknowledgments
- 1. Safe Initialization
- 1.1. Sanitizing the Environment
- 1.1.1. Problem
- 1.1.2. Solution
- 1.1.3. Discussion
- 1.1.4. See Also
- 1.1. Sanitizing the Environment
- 1.2. Restricting Privileges on Windows
- 1.2.1. Problem
- 1.2.2. Solution
- 1.2.3. Discussion
- 1.2.3.1. Creating restricted tokens
- 1.2.3.2. Modifying a process's primary token
- 1.2.3.3. Working with SID_AND_ATTRIBUTES structures
- 1.2.3.4. Working with LUID_AND_ATTRIBUTES structures
- 1.2.4. See Also
- 1.3. Dropping Privileges in setuid Programs
- 1.3.1. Problem
- 1.3.2. Solution
- 1.3.3. Discussion
- 1.3.4. See Also
- 1.4. Limiting Risk with Privilege Separation
- 1.4.1. Problem
- 1.4.2. Solution
- 1.4.3. Discussion
- 1.4.3.1. Privilege separation
- 1.4.3.2. A privilege separation library: privman
- 1.4.4. See Also
- 1.5. Managing File Descriptors Safely
- 1.5.1. Problem
- 1.5.2. Solution
- 1.5.3. Discussion
- 1.6. Creating a Child Process Securely
- 1.6.1. Problem
- 1.6.2. Solution
- 1.6.3. Discussion
- 1.6.4. See Also
- 1.7. Executing External Programs Securely
- 1.7.1. Problem
- 1.7.2. Solution
- 1.7.3. Discussion
- 1.7.4. See Also
- 1.8. Executing External Programs Securely
- 1.8.1. Problem
- 1.8.2. Solution
- 1.8.3. Discussion
- 1.9. Disabling Memory Dumps in the Event of a Crash
- 1.9.1. Problem
- 1.9.2. Solution
- 1.9.3. Discussion
- 1.9.4. See Also
- 2. Access Control
- 2.1. Understanding the Unix Access Control Model
- 2.1.1. Problem
- 2.1.2. Solution
- 2.1.3. Discussion
- 2.1.3.1. The sticky bit
- 2.1.3.2. The setuid bit
- 2.1.3.3. The setgid bit
- 2.1.4. See Also
- 2.1. Understanding the Unix Access Control Model
- 2.2. Understanding the Windows Access Control Model
- 2.2.1. Problem
- 2.2.2. Solution
- 2.2.3. Discussion
- 2.3. Determining Whether a User Has Access to a File on Unix
- 2.3.1. Problem
- 2.3.2. Solution
- 2.3.3. Discussion
- 2.4. Determining Whether a Directory Is Secure
- 2.4.1. Problem
- 2.4.2. Solution
- 2.4.3. Discussion
- 2.5. Erasing Files Securely
- 2.5.1. Problem
- 2.5.2. Solution
- 2.5.3. Discussion
- 2.5.4. See Also
- 2.6. Accessing File Information Securely
- 2.6.1. Problem
- 2.6.2. Solution
- 2.6.3. Discussion
- 2.6.4. See Also
- 2.7. Restricting Access Permissions for New Files on Unix
- 2.7.1. Problem
- 2.7.2. Solution
- 2.7.3. Discussion
- 2.7.4. See Also
- 2.8. Locking Files
- 2.8.1. Problem
- 2.8.2. Solution
- 2.8.3. Discussion
- 2.8.3.1. Locking files on Unix
- 2.8.3.2. Locking files on Windows
- 2.9. Synchronizing Resource Access Across Processes on Unix
- 2.9.1. Problem
- 2.9.2. Solution
- 2.9.3. Discussion
- 2.9.4. See Also
- 2.10. Synchronizing Resource Access Across Processes on Windows
- 2.10.1. Problem
- 2.10.2. Solution
- 2.10.3. Discussion
- 2.10.4. See Also
- 2.11. Creating Files for Temporary Use
- 2.11.1. Problem
- 2.11.2. Solution
- 2.11.3. Discussion
- 2.11.3.1. Temporary files on Unix
- 2.11.3.2. Temporary files on Windows
- 2.11.4. See Also
- 2.12. Restricting Filesystem Access on Unix
- 2.12.1. Problem
- 2.12.2. Solution
- 2.12.3. Discussion
- 2.13. Restricting Filesystem and Network Access on FreeBSD
- 2.13.1. Problem
- 2.13.2. Solution
- 2.13.3. Discussion
- 2.13.4. See Also
- 3. Input Validation
- 3.1. Understanding Basic Data Validation Techniques
- 3.1.1. Problem
- 3.1.2. Solution
- 3.1.3. Discussion
- 3.1.4. See Also
- 3.1. Understanding Basic Data Validation Techniques
- 3.2. Preventing Attacks on Formatting Functions
- 3.2.1. Problem
- 3.2.2. Solution
- 3.2.3. Discussion
- 3.2.4. See Also
- 3.3. Preventing Buffer Overflows
- 3.3.1. Problem
- 3.3.2. Solution
- 3.3.3. Discussion
- 3.3.3.1. String handling
- 3.3.3.2. Using C++
- 3.3.3.3. Stack protection technologies
- 3.3.4. See Also
- 3.4. Using the SafeStr Library
- 3.4.1. Problem
- 3.4.2. Solution
- 3.4.3. Discussion
- 3.4.4. See Also
- 3.5. Preventing Integer Coercion and Wrap-Around Problems
- 3.5.1. Problem
- 3.5.2. Solution
- 3.5.3. Discussion
- 3.5.3.1. Signed-to-unsigned coercion
- 3.5.3.2. Unsigned-to-signed coercion
- 3.5.3.3. Size mismatches
- 3.5.3.4. Wrap-around
- 3.5.4. See Also
- 3.6. Using Environment Variables Securely
- 3.6.1. Problem
- 3.6.2. Solution
- 3.6.3. Discussion
- 3.6.3.1. Obtaining the value of an environment variable
- 3.6.3.2. Changing the value of an environment variable
- 3.6.3.3. Deleting an environment variable
- 3.6.4. See Also
- 3.7. Validating Filenames and Paths
- 3.7.1. Problem
- 3.7.2. Solution
- 3.7.3. Discussion
- 3.8. Evaluating URL Encodings
- 3.8.1. Problem
- 3.8.2. Solution
- 3.8.3. Discussion
- 3.8.4. See Also
- 3.9. Validating Email Addresses
- 3.9.1. Problem
- 3.9.2. Solution
- 3.9.3. Discussion
- 3.9.4. See Also
- 3.10. Preventing Cross-Site Scripting
- 3.10.1. Problem
- 3.10.2. Solution
- 3.10.3. Discussion
- 3.11. Preventing SQL Injection Attacks
- 3.11.1. Problem
- 3.11.2. Solution
- 3.11.3. Discussion
- 3.12. Detecting Illegal UTF-8 Characters
- 3.12.1. Problem
- 3.12.2. Solution
- 3.12.3. Discussion
- 3.13. Preventing File Descriptor Overflows When Using select( )
- 3.13.1. Problem
- 3.13.2. Solution
- 3.13.3. Discussion
- 3.13.4. See Also
- 4. Symmetric Cryptography Fundamentals
- 4.1. Representing Keys for Use in Cryptographic Algorithms
- 4.1.1. Problem
- 4.1.2. Solution
- 4.1.3. Discussion
- 4.1.4. See Also
- 4.1. Representing Keys for Use in Cryptographic Algorithms
- 4.2. Generating Random Symmetric Keys
- 4.2.1. Problem
- 4.2.2. Solution
- 4.2.3. Discussion
- 4.2.4. See Also
- 4.3. Representing Binary Keys (or Other Raw Data) as Hexadecimal
- 4.3.1. Problem
- 4.3.2. Solution
- 4.3.3. Discussion
- 4.4. Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary
- 4.4.1. Problem
- 4.4.2. Solution
- 4.4.3. Discussion
- 4.5. Performing Base64 Encoding
- 4.5.1. Problem
- 4.5.2. Solution
- 4.5.3. Discussion
- 4.5.4. See Also
- 4.6. Performing Base64 Decoding
- 4.6.1. Problem
- 4.6.2. Solution
- 4.6.3. Discussion
- 4.6.4. See Also
- 4.7. Representing Keys (or Other Binary Data) as English Text
- 4.7.1. Problem
- 4.7.2. Solution
- 4.7.3. Discussion
- 4.7.4. See Also
- 4.8. Converting Text Keys to Binary Keys
- 4.8.1. Problem
- 4.8.2. Solution
- 4.8.3. Discussion
- 4.8.4. See Also
- 4.9. Using Salts, Nonces, and Initialization Vectors
- 4.9.1. Problem
- 4.9.2. Solution
- 4.9.3. Discussion
- 4.9.3.1. Salts
- 4.9.3.2. Nonces
- 4.9.3.3. Initialization vectors (IVs)
- 4.9.4. See Also
- 4.10. Deriving Symmetric Keys from a Password
- 4.10.1. Problem
- 4.10.2. Solution
- 4.10.3. Discussion
- 4.10.4. See Also
- 4.11. Algorithmically Generating Symmetric Keys from One Base Secret
- 4.11.1. Problem
- 4.11.2. Solution
- 4.11.3. Discussion
- 4.11.4. See Also
- 4.12. Encrypting in a Single Reduced Character Set
- 4.12.1. Problem
- 4.12.2. Solution
- 4.12.3. Discussion
- 4.12.4. See Also
- 4.13. Managing Key Material Securely
- 4.13.1. Problem
- 4.13.2. Solution
- 4.13.3. See Also
- 4.14. Timing Cryptographic Primitives
- 4.14.1. Problem
- 4.14.2. Solution
- 4.14.3. Discussion
- 4.14.3.1. Timing basics
- 4.14.3.2. Timing cryptographic code
- 5. Symmetric Encryption
- 5.1. Deciding Whether to Use Multiple Encryption Algorithms
- 5.1.1. Problem
- 5.1.2. Solution
- 5.1.3. Discussion
- 5.1.4. See Also
- 5.1. Deciding Whether to Use Multiple Encryption Algorithms
- 5.2. Figuring Out Which Encryption Algorithm Is Best
- 5.2.1. Problem
- 5.2.2. Solution
- 5.2.3. Discussion
- 5.2.4. See Also
- 5.3. Selecting an Appropriate Key Length
- 5.3.1. Problem
- 5.3.2. Solution
- 5.3.3. Discussion
- 5.3.4. See Also
- 5.4. Selecting a Cipher Mode
- 5.4.1. Problem
- 5.4.2. Solution
- 5.4.3. Discussion
- 5.4.3.1. Electronic Code Book (ECB) mode
- 5.4.3.2. Cipher Block Chaining (CBC) mode
- 5.4.3.3. Counter (CTR) mode
- 5.4.3.4. Output Feedback (OFB) mode
- 5.4.3.5. Cipher Feedback (CFB) mode
- 5.4.3.6. Carter-Wegman + CTR (CWC) mode
- 5.4.3.7. Offset Codebook (OCB) mode
- 5.4.3.8. CTR plus CBC-MAC (CCM) mode
- 5.4.4. See Also
- 5.5. Using a Raw Block Cipher
- 5.5.1. Problem
- 5.5.2. Solution
- 5.5.3. Discussion
- 5.5.3.1. Brian Gladman's AES implementation
- 5.5.3.2. OpenSSL block cipher implementations
- 5.5.4. See Also
- 5.6. Using a Generic CBC Mode Implementation
- 5.6.1. Problem
- 5.6.2. Solution
- 5.6.3. Discussion
- 5.6.3.1. The high-level API
- 5.6.3.2. SPC_CBC_CTX data type
- 5.6.3.3. Incremental initialization
- 5.6.3.4. Incremental encrypting
- 5.6.3.5. Incremental decryption
- 5.6.4. See Also
- 5.7. Using a Generic CFB Mode Implementation
- 5.7.1. Problem
- 5.7.2. Solution
- 5.7.3. Discussion
- 5.7.3.1. The high-level API
- 5.7.3.2. The incremental API
- 5.7.4. See Also
- 5.8. Using a Generic OFB Mode Implementation
- 5.8.1. Problem
- 5.8.2. Solution
- 5.8.3. Discussion
- 5.8.3.1. The high-level API
- 5.8.3.2. The incremental API
- 5.8.4. See Also
- 5.9. Using a Generic CTR Mode Implementation
- 5.9.1. Problem
- 5.9.2. Solution
- 5.9.3. Discussion
- 5.9.3.1. The high-level API
- 5.9.3.2. The incremental API
- 5.9.4. See Also
- 5.10. Using CWC Mode
- 5.10.1. Problem
- 5.10.2. Solution
- 5.10.3. Discussion
- 5.10.4. See Also
- 5.11. Manually Adding and Checking Cipher Padding
- 5.11.1. Problem
- 5.11.2. Solution
- 5.11.3. Discussion
- 5.12. Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers)
- 5.12.1. Problem
- 5.12.2. Solution
- 5.12.3. Discussion
- 5.13. Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility)
- 5.13.1. Problem
- 5.13.2. Solution
- 5.13.3. Discussion
- 5.13.4. See Also
- 5.14. Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility)
- 5.14.1. Problem
- 5.14.2. Solution
- 5.14.3. Discussion
- 5.14.4. See Also
- 5.15. Performing File or Disk Encryption
- 5.15.1. Problem
- 5.15.2. Solution
- 5.15.3. Discussion
- 5.15.4. See Also
- 5.16. Using a High-Level, Error-Resistant Encryption and Decryption API
- 5.16.1. Problem
- 5.16.2. Solution
- 5.16.3. Discussion
- 5.16.4. See Also
- 5.17. Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL
- 5.17.1. Problem
- 5.17.2. Solution
- 5.17.3. Discussion
- 5.17.4. See Also
- 5.18. Using Variable Key-Length Ciphers in OpenSSL
- 5.18.1. Problem
- 5.18.2. Solution
- 5.18.3. Discussion
- 5.19. Disabling Cipher Padding in OpenSSL in CBC Mode
- 5.19.1. Problem
- 5.19.2. Solution
- 5.19.3. Discussion
- 5.20. Performing Additional Cipher Setup in OpenSSL
- 5.20.1. Problem
- 5.20.2. Solution
- 5.20.3. Discussion
- 5.21. Querying Cipher Configuration Properties in OpenSSL
- 5.21.1. Problem
- 5.21.2. Solution
- 5.21.3. Discussion
- 5.22. Performing Low-Level Encryption and Decryption with OpenSSL
- 5.22.1. Problem
- 5.22.2. Solution
- 5.22.3. Discussion
- 5.22.4. See Also
- 5.23. Setting Up and Using RC4
- 5.23.1. Problem
- 5.23.2. Solution
- 5.23.3. Discussion
- 5.24. Using One-Time Pads
- 5.24.1. Problem
- 5.24.2. Solution
- 5.24.3. Discussion
- 5.24.4. See Also
- 5.25. Using Symmetric Encryption with Microsoft's CryptoAPI
- 5.25.1. Problem
- 5.25.2. Solution
- 5.25.3. Discussion
- 5.25.4. See Also
- 5.26. Creating a CryptoAPI Key Object from Raw Key Data
- 5.26.1. Problem
- 5.26.2. Solution
- 5.26.3. Discussion
- 5.26.4. See Also
- 5.27. Extracting Raw Key Data from a CryptoAPI Key Object
- 5.27.1. Problem
- 5.27.2. Solution
- 5.27.3. Discussion
- 5.27.4. See Also
- 6. Hashes and Message Authentication
- 6.1. Understanding the Basics of Hashes and MACs
- 6.1.1. Problem
- 6.1.2. Solution
- 6.1.3. Discussion
- 6.1.3.1. Types of primitives
- 6.1.3.2. Attacks against one-way constructs
- 6.1.4. See Also
- 6.1. Understanding the Basics of Hashes and MACs
- 6.2. Deciding Whether to Support Multiple Message Digests or MACs
- 6.2.1. Problem
- 6.2.2. Solution
- 6.2.3. Discussion
- 6.2.4. See Also
- 6.3. Choosing a Cryptographic Hash Algorithm
- 6.3.1. Problem
- 6.3.2. Solution
- 6.3.3. Discussion
- 6.3.4. See Also
- 6.4. Choosing a Message Authentication Code
- 6.4.1. Problem
- 6.4.2. Solution
- 6.4.3. Discussion
- 6.4.4. See Also
- 6.5. Incrementally Hashing Data
- 6.5.1. Problem
- 6.5.2. Solution
- 6.5.3. Discussion
- 6.5.4. See Also
- 6.6. Hashing a Single String
- 6.6.1. Problem
- 6.6.2. Solution
- 6.6.3. Discussion
- 6.6.4. See Also
- 6.7. Using a Cryptographic Hash
- 6.7.1. Problem
- 6.7.2. Solution
- 6.7.3. Discussion
- 6.7.4. See Also
- 6.8. Using a Nonce to Protect Against Birthday Attacks
- 6.8.1. Problem
- 6.8.2. Solution
- 6.8.3. Discussion
- 6.8.4. See Also
- 6.9. Checking Message Integrity
- 6.9.1. Problem
- 6.9.2. Solution
- 6.9.3. Discussion
- 6.9.4. See Also
- 6.10. Using HMAC
- 6.10.1. Problem
- 6.10.2. Solution
- 6.10.3. Discussion
- 6.10.4. See Also
- 6.11. Using OMAC (a Simple Block Cipher-Based MAC)
- 6.11.1. Problem
- 6.11.2. Solution
- 6.11.3. Discussion
- 6.11.4. See Also
- 6.12. Using HMAC or OMAC with a Nonce
- 6.12.1. Problem
- 6.12.2. Solution
- 6.12.3. Discussion
- 6.12.4. See Also
- 6.13. Using a MAC That's Reasonably Fast in Software and Hardware
- 6.13.1. Problem
- 6.13.2. Solution
- 6.13.3. Discussion
- 6.13.4. See Also
- 6.14. Using a MAC That's Optimized for Software Speed
- 6.14.1. Problem
- 6.14.2. Solution
- 6.14.3. Discussion
- 6.14.4. See Also
- 6.15. Constructing a Hash Function from a Block Cipher
- 6.15.1. Problem
- 6.15.2. Solution
- 6.15.3. Discussion
- 6.15.4. See Also
- 6.16. Using a Block Cipher to Build a Full-Strength Hash Function
- 6.16.1. Problem
- 6.16.2. Solution
- 6.16.3. Discussion
- 6.17. Using Smaller MAC Tags
- 6.17.1. Problem
- 6.17.2. Solution
- 6.17.3. Discussion
- 6.18. Making Encryption and Message Integrity Work Together
- 6.18.1. Problem
- 6.18.2. Solution
- 6.18.3. Discussion
- 6.18.4. See Also
- 6.19. Making Your Own MAC
- 6.19.1. Problem
- 6.19.2. Solution
- 6.19.3. Discussion
- 6.19.4. See Also
- 6.20. Encrypting with a Hash Function
- 6.20.1. Problem
- 6.20.2. Solution
- 6.20.3. Discussion
- 6.20.4. See Also
- 6.21. Securely Authenticating a MAC (Thwarting Capture Replay Attacks)
- 6.21.1. Problem
- 6.21.2. Solution
- 6.21.3. Discussion
- 6.21.4. See Also
- 6.22. Parallelizing MACs
- 6.22.1. Problem
- 6.22.2. Solution
- 6.22.3. Discussion
- 6.22.4. See Also
- 7. Public Key Cryptography
- 7.1. Determining When to Use Public Key Cryptography
- 7.1.1. Problem
- 7.1.2. Solution
- 7.1.3. Discussion
- 7.1.4. See Also
- 7.1. Determining When to Use Public Key Cryptography
- 7.2. Selecting a Public Key Algorithm
- 7.2.1. Problem
- 7.2.2. Solution
- 7.2.3. Discussion
- 7.2.4. See Also
- 7.3. Selecting Public Key Sizes
- 7.3.1. Problem
- 7.3.2. Solution
- 7.3.3. Discussion
- 7.4. Manipulating Big Numbers
- 7.4.1. Problem
- 7.4.2. Solution
- 7.4.3. Discussion
- 7.4.3.1. Initialization and cleanup
- 7.4.3.2. Assigning to BIGNUM objects
- 7.4.3.3. Getting BIGNUM objects with random values
- 7.4.3.4. Outputting BIGNUM objects
- 7.4.3.5. Common tests on BIGNUM objects
- 7.4.3.6. Math operations on BIGNUM objects
- 7.4.4. See Also
- 7.5. Generating a Prime Number (Testing for Primality)
- 7.5.1. Problem
- 7.5.2. Solution
- 7.5.3. Discussion
- 7.5.4. See Also
- 7.6. Generating an RSA Key Pair
- 7.6.1. Problem
- 7.6.2. Solution
- 7.6.3. Discussion
- 7.6.4. See Also
- 7.7. Disentangling the Public and Private Keys in OpenSSL
- 7.7.1. Problem
- 7.7.2. Solution
- 7.7.3. Discussion
- 7.8. Converting Binary Strings to Integers for Use with RSA
- 7.8.1. Problem
- 7.8.2. Solution
- 7.8.3. Discussion
- 7.8.4. See Also
- 7.9. Converting Integers into Binary Strings for Use with RSA
- 7.9.1. Problem
- 7.9.2. Solution
- 7.9.3. Discussion
- 7.10. Performing Raw Encryption with an RSA Public Key
- 7.10.1. Problem
- 7.10.2. Solution
- 7.10.3. Discussion
- 7.10.4. See Also
- 7.11. Performing Raw Decryption Using an RSA Private Key
- 7.11.1. Problem
- 7.11.2. Solution
- 7.11.3. Discussion
- 7.11.4. See Also
- 7.12. Signing Data Using an RSA Private Key
- 7.12.1. Problem
- 7.12.2. Solution
- 7.12.3. Discussion
- 7.13. Verifying Signed Data Using an RSA Public Key
- 7.13.1. Problem
- 7.13.2. Solution
- 7.13.3. Discussion
- 7.13.4. See Also
- 7.14. Securely Signing and Encrypting with RSA
- 7.14.1. Problem
- 7.14.2. Solution
- 7.14.3. Discussion
- 7.14.4. See Also
- 7.15. Using the Digital Signature Algorithm (DSA)
- 7.15.1. Problem
- 7.15.2. Solution
- 7.15.3. Discussion
- 7.15.4. See Also
- 7.16. Representing Public Keys and Certificates in Binary (DER Encoding)
- 7.16.1. Problem
- 7.16.2. Solution
- 7.16.3. Discussion
- 7.16.4. See Also
- 7.17. Representing Keys and Certificates in Plaintext (PEM Encoding)
- 7.17.1. Problem
- 7.17.2. Solution
- 7.17.3. Discussion
- 7.17.4. See Also
- 8. Authentication and Key Exchange
- 8.1. Choosing an Authentication Method
- 8.1.1. Problem
- 8.1.2. Solution
- 8.1.3. Discussion
- 8.1.3.1. Traditional UNIX crypt( )
- 8.1.3.2. MD5 Modular Crypt Format (a.k.a. md5crypt or MD5-MCF)
- 8.1.3.3. PBKDF2
- 8.1.3.4. S/KEY and OPIE
- 8.1.3.5. CRAM
- 8.1.3.6. Digest-Auth (RFC 2617)
- 8.1.3.7. SRP
- 8.1.3.8. Basic public key exchange
- 8.1.3.9. SAX
- 8.1.3.10. PAX
- 8.1.3.11. Kerberos
- 8.1.3.12. Windows NT LAN Manager (NTLM)
- 8.1.3.13. SSL certificate-based checking
- 8.1.4. See Also
- 8.1. Choosing an Authentication Method
- 8.2. Getting User and Group Information on Unix
- 8.2.1. Problem
- 8.2.2. Solution
- 8.2.3. Discussion
- 8.3. Getting User and Group Information on Windows
- 8.3.1. Problem
- 8.3.2. Solution
- 8.3.3. Discussion
- 8.4. Restricting Access Based on Hostname or IP Address
- 8.4.1. Problem
- 8.4.2. Solution
- 8.4.3. Discussion
- 8.5. Generating Random Passwords and Passphrases
- 8.5.1. Problem
- 8.5.2. Solution
- 8.5.3. Discussion
- 8.5.4. See Also
- 8.6. Testing the Strength of Passwords
- 8.6.1. Problem
- 8.6.2. Solution
- 8.6.3. Discussion
- 8.6.4. See Also
- 8.7. Prompting for a Password
- 8.7.1. Problem
- 8.7.2. Solution
- 8.7.3. Discussion
- 8.7.3.1. Prompting for a password on Unix using getpass( ) or readpassphrase( )
- 8.7.3.2. Prompting for a password on Unix without getpass( ) or readpassphrase( )
- 8.7.3.3. Prompting for a password on Windows
- 8.8. Throttling Failed Authentication Attempts
- 8.8.1. Problem
- 8.8.2. Solution
- 8.8.3. Discussion
- 8.9. Performing Password-Based Authentication with crypt( )
- 8.9.1. Problem
- 8.9.2. Solution
- 8.9.3. Discussion
- 8.9.4. See Also
- 8.10. Performing Password-Based Authentication with MD5-MCF
- 8.10.1. Problem
- 8.10.2. Solution
- 8.10.3. Discussion
- 8.10.4. See Also
- 8.11. Performing Password-Based Authentication with PBKDF2
- 8.11.1. Problem
- 8.11.2. Solution
- 8.11.3. Discussion
- 8.11.4. See Also
- 8.12. Authenticating with PAM
- 8.12.1. Problem
- 8.12.2. Solution
- 8.12.3. Discussion
- 8.12.4. See Also
- 8.13. Authenticating with Kerberos
- 8.13.1. Problem
- 8.13.2. Solution
- 8.13.3. Discussion
- 8.13.4. See Also
- 8.14. Authenticating with HTTP Cookies
- 8.14.1. Problem
- 8.14.2. Solution
- 8.14.3. Discussion
- 8.14.4. See Also
- 8.15. Performing Password-Based Authentication and Key Exchange
- 8.15.1. Problem
- 8.15.2. Solution
- 8.15.3. Discussion
- 8.15.3.1. The server
- 8.15.3.2. The client
- 8.15.4. See Also
- 8.16. Performing Authenticated Key Exchange Using RSA
- 8.16.1. Problem
- 8.16.2. Solution
- 8.16.3. Discussion
- 8.16.4. See Also
- 8.17. Using Basic Diffie-Hellman Key Agreement
- 8.17.1. Problem
- 8.17.2. Solution
- 8.17.3. Discussion
- 8.17.4. See Also
- 8.18. Using Diffie-Hellman and DSA Together
- 8.18.1. Problem
- 8.18.2. Solution
- 8.18.3. Discussion
- 8.18.4. See Also
- 8.19. Minimizing the Window of Vulnerability When Authenticating Without a PKI
- 8.19.1. Problem
- 8.19.2. Solution
- 8.19.3. Discussion
- 8.19.4. See Also
- 8.20. Providing Forward Secrecy in a Symmetric System
- 8.20.1. Problem
- 8.20.2. Solution
- 8.20.3. Discussion
- 8.20.4. See Also
- 8.21. Ensuring Forward Secrecy in a Public Key System
- 8.21.1. Problem
- 8.21.2. Solution
- 8.21.3. Discussion
- 8.21.4. See Also
- 8.22. Confirming Requests via Email
- 8.22.1. Problem
- 8.22.2. Solution
- 8.22.3. Discussion
- 8.22.4. See Also
- 9. Networking
- 9.1. Creating an SSL Client
- 9.1.1. Problem
- 9.1.2. Solution
- 9.1.3. Discussion
- 9.1.4. See Also
- 9.1. Creating an SSL Client
- 9.2. Creating an SSL Server
- 9.2.1. Problem
- 9.2.2. Solution
- 9.2.3. Discussion
- 9.2.4. See Also
- 9.3. Using Session Caching to Make SSL Servers More Efficient
- 9.3.1. Problem
- 9.3.2. Solution
- 9.3.3. Discussion
- 9.3.4. See Also
- 9.4. Securing Web Communication on Windows Using the WinInet API
- 9.4.1. Problem
- 9.4.2. Solution
- 9.4.3. Discussion
- 9.4.4. See Also
- 9.5. Enabling SSL without Modifying Source Code
- 9.5.1. Problem
- 9.5.2. Solution
- 9.5.3. Discussion
- 9.5.4. See Also
- 9.6. Using Kerberos Encryption
- 9.6.1. Problem
- 9.6.2. Solution
- 9.6.3. Discussion
- 9.6.4. See Also
- 9.7. Performing Interprocess Communication Using Sockets
- 9.7.1. Problem
- 9.7.2. Solution
- 9.7.3. Discussion
- 9.7.4. See Also
- 9.8. Performing Authentication with Unix Domain Sockets
- 9.8.1. Problem
- 9.8.2. Solution
- 9.8.3. Discussion
- 9.9. Performing Session ID Management
- 9.9.1. Problem
- 9.9.2. Solution
- 9.9.3. Discussion
- 9.9.4. See Also
- 9.10. Securing Database Connections
- 9.10.1. Problem
- 9.10.2. Solution
- 9.10.3. Discussion
- 9.10.3.1. MySQL
- 9.10.3.2. PostgreSQL
- 9.10.4. See Also
- 9.11. Using a Virtual Private Network to Secure Network Connections
- 9.11.1. Problem
- 9.11.2. Solution
- 9.11.3. Discussion
- 9.12. Building an Authenticated Secure Channel Without SSL
- 9.12.1. Problem
- 9.12.2. Solution
- 9.12.3. Discussion
- 9.12.4. See Also
- 10. Public Key Infrastructure
- 10.1. Understanding Public Key Infrastructure (PKI)
- 10.1.1. Problem
- 10.1.2. Solution
- 10.1.3. Discussion
- 10.1.3.1. Certificates
- 10.1.3.2. Certification authorities
- 10.1.3.3. Certificate revocation
- 10.1.3.4. Online Certificate Status Protocol
- 10.1.3.5. Certificate hierarchies
- 10.1.3.6. X.509 certificates
- 10.1.4. See Also
- 10.1. Understanding Public Key Infrastructure (PKI)
- 10.2. Obtaining a Certificate
- 10.2.1. Problem
- 10.2.2. Solution
- 10.2.3. Discussion
- 10.2.3.1. Personal certificates
- 10.2.3.2. Code-signing certificates
- 10.2.3.3. Web site certificates
- 10.2.4. See Also
- 10.3. Using Root Certificates
- 10.3.1. Problem
- 10.3.2. Solution
- 10.3.3. Discussion
- 10.3.4. See Also
- 10.4. Understanding X.509 Certificate Verification Methodology
- 10.4.1. Problem
- 10.4.2. Solution
- 10.4.3. Discussion
- 10.4.4. See Also
- 10.5. Performing X.509 Certificate Verification with OpenSSL
- 10.5.1. Problem
- 10.5.2. Solution
- 10.5.3. Discussion
- 10.5.4. See Also
- 10.6. Performing X.509 Certificate Verification with CryptoAPI
- 10.6.1. Problem
- 10.6.2. Solution
- 10.6.3. Discussion
- 10.6.3.1. CryptoAPI certificate stores
- 10.6.4. See Also
- 10.7. Verifying an SSL Peer's Certificate
- 10.7.1. Problem
- 10.7.2. Solution
- 10.7.3. Discussion
- 10.7.4. See Also
- 10.8. Adding Hostname Checking to Certificate Verification
- 10.8.1. Problem
- 10.8.2. Solution
- 10.8.3. Discussion
- 10.8.4. See Also
- 10.9. Using a Whitelist to Verify Certificates
- 10.9.1. Problem
- 10.9.2. Solution
- 10.9.3. Discussion
- 10.10. Obtaining Certificate Revocation Lists with OpenSSL
- 10.10.1. Problem
- 10.10.2. Solution
- 10.10.3. Discussion
- 10.10.4. See Also
- 10.11. Obtaining CRLs with CryptoAPI
- 10.11.1. Problem
- 10.11.2. Solution
- 10.11.3. Discussion
- 10.11.4. See Also
- 10.12. Checking Revocation Status via OCSP with OpenSSL
- 10.12.1. Problem
- 10.12.2. Solution
- 10.12.3. Discussion
- 10.12.4. See Also
- 11. Random Numbers
- 11.1. Determining What Kind of Random Numbers to Use
- 11.1.1. Problem
- 11.1.2. Solution
- 11.1.3. Discussion
- 11.1.4. See Also
- 11.1. Determining What Kind of Random Numbers to Use
- 11.2. Using a Generic API for Randomness and Entropy
- 11.2.1. Problem
- 11.2.2. Solution
- 11.2.3. Discussion
- 11.2.4. See Also
- 11.3. Using the Standard Unix Randomness Infrastructure
- 11.3.1. Problem
- 11.3.2. Solution
- 11.3.3. Discussion
- 11.3.4. See Also
- 11.4. Using the Standard Windows Randomness Infrastructure
- 11.4.1. Problem
- 11.4.2. Solution
- 11.4.3. Discussion
- 11.4.4. See Also
- 11.5. Using an Application-Level Generator
- 11.5.1. Problem
- 11.5.2. Solution
- 11.5.3. Discussion
- 11.5.3.1. Using generators based on block ciphers
- 11.5.3.2. Using a stream cipher as a generator
- 11.5.3.3. Using a generator based on a cryptographic hash function
- 11.5.4. See Also
- 11.6. Reseeding a Pseudo-Random Number Generator
- 11.6.1. Problem
- 11.6.2. Solution
- 11.6.3. Discussion
- 11.6.4. See Also
- 11.7. Using an Entropy Gathering Daemon-Compatible Solution
- 11.7.1. Problem
- 11.7.2. Solution
- 11.7.3. Discussion
- 11.7.4. See Also
- 11.8. Getting Entropy or Pseudo-Randomness Using EGADS
- 11.8.1. Problem
- 11.8.2. Solution
- 11.8.3. Discussion
- 11.8.4. See Also
- 11.9. Using the OpenSSL Random Number API
- 11.9.1. Problem
- 11.9.2. Solution
- 11.9.3. Discussion
- 11.9.4. See Also
- 11.10. Getting Random Integers
- 11.10.1. Problem
- 11.10.2. Solution
- 11.10.3. Discussion
- 11.10.4. See Also
- 11.11. Getting a Random Integer in a Range
- 11.11.1. Problem
- 11.11.2. Solution
- 11.11.3. Discussion
- 11.11.4. See Also
- 11.12. Getting a Random Floating-Point Value with Uniform Distribution
- 11.12.1. Problem
- 11.12.2. Solution
- 11.12.3. Discussion
- 11.13. Getting Floating-Point Values with Nonuniform Distributions
- 11.13.1. Problem
- 11.13.2. Solution
- 11.13.3. Discussion
- 11.13.4. See Also
- 11.14. Getting a Random Printable ASCII String
- 11.14.1. Problem
- 11.14.2. Solution
- 11.14.3. Discussion
- 11.15. Shuffling Fairly
- 11.15.1. Problem
- 11.15.2. Solution
- 11.15.3. Discussion
- 11.15.4. See Also
- 11.16. Compressing Data with Entropy into a Fixed-Size Seed
- 11.16.1. Problem
- 11.16.2. Solution
- 11.16.3. Discussion
- 11.16.4. See Also
- 11.17. Getting Entropy at Startup
- 11.17.1. Problem
- 11.17.2. Solution
- 11.17.3. Discussion
- 11.17.4. See Also
- 11.18. Statistically Testing Random Numbers
- 11.18.1. Problem
- 11.18.2. Solution
- 11.18.3. Discussion
- 11.18.3.1. FIPS 140-1 power-up and on-demand tests
- 11.18.3.2. The FIPS continuous output test
- 11.18.4. See Also
- 11.19. Performing Entropy Estimation and Management
- 11.19.1. Problem
- 11.19.2. Solution
- 11.19.3. Discussion
- 11.19.3.1. Entropy in timestamps
- 11.19.3.2. Entropy in a key press
- 11.19.3.3. Entropy in mouse movements
- 11.19.3.4. Entropy in disk access
- 11.19.3.5. Entropy in data from the network
- 11.19.3.6. Entropy in the sound device
- 11.19.3.7. Entropy from thread timing and other system state
- 11.19.4. See Also
- 11.20. Gathering Entropy from the Keyboard
- 11.20.1. Problem
- 11.20.2. Solution
- 11.20.3. Discussion
- 11.20.3.1. Collecting entropy from the keyboard on Unix
- 11.20.3.2. Collecting entropy from the keyboard on Windows
- 11.20.4. See Also
- 11.21. Gathering Entropy from Mouse Events on Windows
- 11.21.1. Problem
- 11.21.2. Solution
- 11.21.3. Discussion
- 11.21.4. See Also
- 11.22. Gathering Entropy from Thread Timings
- 11.22.1. Problem
- 11.22.2. Solution
- 11.22.3. See Also
- 11.23. Gathering Entropy from System State
- 11.23.1. Problem
- 11.23.2. Solution
- 11.23.3. Discussion
- 11.23.4. See Also
- 12. Anti-Tampering
- 12.1. Understanding the Problem of Software Protection
- 12.1.1. Problem
- 12.1.2. Solution
- 12.1.3. Discussion
- 12.1.3.1. The threat of protection crackers
- 12.1.3.2. The goal of software protection
- 12.1.3.3. The cost of software protection
- 12.1.3.4. Anti-tampering techniques
- 12.1.4. See Also
- 12.1. Understanding the Problem of Software Protection
- 12.2. Detecting Modification
- 12.2.1. Problem
- 12.2.2. Solution
- 12.2.3. Discussion
- 12.2.4. See Also
- 12.3. Obfuscating Code
- 12.3.1. Problem
- 12.3.2. Solution
- 12.3.3. Discussion
- 12.3.4. See Also
- 12.4. Performing Bit and Byte Obfuscation
- 12.4.1. Problem
- 12.4.2. Solution
- 12.4.3. Discussion
- 12.4.4. See Also
- 12.5. Performing Constant Transforms on Variables
- 12.5.1. Problem
- 12.5.2. Solution
- 12.5.3. Discussion
- 12.6. Merging Scalar Variables
- 12.6.1. Problem
- 12.6.2. Solution
- 12.6.3. Discussion
- 12.7. Splitting Variables
- 12.7.1. Problem
- 12.7.2. Solution
- 12.7.3. Discussion
- 12.8. Disguising Boolean Values
- 12.8.1. Problem
- 12.8.2. Solution
- 12.8.3. Discussion
- 12.8.4. See Also
- 12.9. Using Function Pointers
- 12.9.1. Problem
- 12.9.2. Solution
- 12.9.3. Discussion
- 12.10. Restructuring Arrays
- 12.10.1. Problem
- 12.10.2. Solution
- 12.10.3. Discussion
- 12.11. Hiding Strings
- 12.11.1. Problem
- 12.11.2. Solution
- 12.11.3. Discussion
- 12.12. Detecting Debuggers
- 12.12.1. Problem
- 12.12.2. Solution
- 12.12.3. Discussion
- 12.12.4. See Also
- 12.13. Detecting Unix Debuggers
- 12.13.1. Problem
- 12.13.2. Solution
- 12.13.3. Discussion
- 12.13.4. See Also
- 12.14. Detecting Windows Debuggers
- 12.14.1. Problem
- 12.14.2. Solution
- 12.14.3. Discussion
- 12.14.4. See Also
- 12.15. Detecting SoftICE
- 12.15.1. Problem
- 12.15.2. Solution
- 12.15.3. Discussion
- 12.15.4. See Also
- 12.16. Countering Disassembly
- 12.16.1. Problem
- 12.16.2. Solution
- 12.16.3. Discussion
- 12.17. Using Self-Modifying Code
- 12.17.1. Problem
- 12.17.2. Solution
- 12.17.3. Discussion
- 12.17.4. See Also
- 13. Other Topics
- 13.1. Performing Error Handling
- 13.1.1. Problem
- 13.1.2. Solution
- 13.1.3. Discussion
- 13.1.4. See Also
- 13.1. Performing Error Handling
- 13.2. Erasing Data from Memory Securely
- 13.2.1. Problem
- 13.2.2. Solution
- 13.2.3. Discussion
- 13.3. Preventing Memory from Being Paged to Disk
- 13.3.1. Problem
- 13.3.2. Solution
- 13.3.3. Discussion
- 13.4. Using Variable Arguments Properly
- 13.4.1. Problem
- 13.4.2. Solution
- 13.4.3. Discussion
- 13.4.4. See Also
- 13.5. Performing Proper Signal Handling
- 13.5.1. Problem
- 13.5.2. Solution
- 13.5.3. Discussion
- 13.5.4. See Also
- 13.6. Protecting against Shatter Attacks on Windows
- 13.6.1. Problem
- 13.6.2. Solution
- 13.6.3. Discussion
- 13.6.4. See Also
- 13.7. Guarding Against Spawning Too Many Threads
- 13.7.1. Problem
- 13.7.2. Solution
- 13.7.3. Discussion
- 13.8. Guarding Against Creating Too Many Network Sockets
- 13.8.1. Problem
- 13.8.2. Solution
- 13.8.3. Discussion
- 13.9. Guarding Against Resource Starvation Attacks on Unix
- 13.9.1. Problem
- 13.9.2. Solution
- 13.9.3. Discussion
- 13.9.4. See Also
- 13.10. Guarding Against Resource Starvation Attacks on Windows
- 13.10.1. Problem
- 13.10.2. Solution
- 13.10.3. Discussion
- 13.11. Following Best Practices for Audit Logging
- 13.11.1. Problem
- 13.11.2. Solution
- 13.11.3. Discussion
- 13.11.3.1. Network logging
- 13.11.3.2. Logging to CD-R
- 13.11.3.3. Signing and encrypting log entries
- 13.11.4. See Also
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly
O'Reilly Media - inne książki
-
Keeping up with the Python ecosystem can be daunting. Its developer tooling doesn't provide the out-of-the-box experience native to languages like Rust and Go. When it comes to long-term project maintenance or collaborating with others, every Python project faces the same problem: how to build re...(201.03 zł najniższa cena z 30 dni)
200.93 zł
239.00 zł(-16%) -
Bringing a deep-learning project into production at scale is quite challenging. To successfully scale your project, a foundational understanding of full stack deep learning, including the knowledge that lies at the intersection of hardware, software, data, and algorithms, is required.This book il...(241.36 zł najniższa cena z 30 dni)
241.26 zł
289.00 zł(-17%) -
Frontend developers have to consider many things: browser compatibility, usability, performance, scalability, SEO, and other best practices. But the most fundamental aspect of creating websites is one that often falls short: accessibility. Accessibility is the cornerstone of any website, and if a...(200.59 zł najniższa cena z 30 dni)
200.09 zł
239.00 zł(-16%) -
In this insightful and comprehensive guide, Addy Osmani shares more than a decade of experience working on the Chrome team at Google, uncovering secrets to engineering effectiveness, efficiency, and team success. Engineers and engineering leaders looking to scale their effectiveness and drive tra...(114.93 zł najniższa cena z 30 dni)
114.88 zł
149.00 zł(-23%) -
Data modeling is the single most overlooked feature in Power BI Desktop, yet it's what sets Power BI apart from other tools on the market. This practical book serves as your fast-forward button for data modeling with Power BI, Analysis Services tabular, and SQL databases. It serves as a starting ...(199.08 zł najniższa cena z 30 dni)
198.88 zł
239.00 zł(-17%) -
C# is undeniably one of the most versatile programming languages available to engineers today. With this comprehensive guide, you'll learn just how powerful the combination of C# and .NET can be. Author Ian Griffiths guides you through C# 12.0 and .NET 8 fundamentals and techniques for building c...(241.02 zł najniższa cena z 30 dni)
240.92 zł
289.00 zł(-17%) -
Learn how to get started with Futures Thinking. With this practical guide, Phil Balagtas, founder of the Design Futures Initiative and the global Speculative Futures network, shows you how designers and futurists have made futures work at companies such as Atari, IBM, Apple, Disney, Autodesk, Luf...(148.10 zł najniższa cena z 30 dni)
148.00 zł
179.00 zł(-17%) -
Augmented Analytics isn't just another book on data and analytics; it's a holistic resource for reimagining the way your entire organization interacts with information to become insight-driven.Moving beyond traditional, limited ways of making sense of data, Augmented Analytics provides a dynamic,...(174.74 zł najniższa cena z 30 dni)
174.54 zł
219.00 zł(-20%) -
Learn how to prepare for—and pass—the Kubernetes and Cloud Native Associate (KCNA) certification exam. This practical guide serves as both a study guide and point of entry for practitioners looking to explore and adopt cloud native technologies. Adrián González Sánchez ...
Kubernetes and Cloud Native Associate (KCNA) Study Guide Kubernetes and Cloud Native Associate (KCNA) Study Guide
(169.14 zł najniższa cena z 30 dni)177.65 zł
199.00 zł(-11%) -
Python is an excellent way to get started in programming, and this clear, concise guide walks you through Python a step at a time—beginning with basic programming concepts before moving on to functions, data structures, and object-oriented design. This revised third edition reflects the gro...(140.34 zł najniższa cena z 30 dni)
140.14 zł
179.00 zł(-22%)
Dzieki opcji "Druk na żądanie" do sprzedaży wracają tytuły Grupy Helion, które cieszyły sie dużym zainteresowaniem, a których nakład został wyprzedany.
Dla naszych Czytelników wydrukowaliśmy dodatkową pulę egzemplarzy w technice druku cyfrowego.
Co powinieneś wiedzieć o usłudze "Druk na żądanie":
- usługa obejmuje tylko widoczną poniżej listę tytułów, którą na bieżąco aktualizujemy;
- cena książki może być wyższa od początkowej ceny detalicznej, co jest spowodowane kosztami druku cyfrowego (wyższymi niż koszty tradycyjnego druku offsetowego). Obowiązująca cena jest zawsze podawana na stronie WWW książki;
- zawartość książki wraz z dodatkami (płyta CD, DVD) odpowiada jej pierwotnemu wydaniu i jest w pełni komplementarna;
- usługa nie obejmuje książek w kolorze.
Masz pytanie o konkretny tytuł? Napisz do nas: sklep[at]helion.pl.
Książka, którą chcesz zamówić pochodzi z końcówki nakładu. Oznacza to, że mogą się pojawić drobne defekty (otarcia, rysy, zagięcia).
Co powinieneś wiedzieć o usłudze "Końcówka nakładu":
- usługa obejmuje tylko książki oznaczone tagiem "Końcówka nakładu";
- wady o których mowa powyżej nie podlegają reklamacji;
Masz pytanie o konkretny tytuł? Napisz do nas: sklep[at]helion.pl.
Książka drukowana
Oceny i opinie klientów: Secure Programming Cookbook for C and C++. Recipes for Cryptography, Authentication, Input Validation & More John Viega, Matt Messier (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.