Offers for "Definitive" (114 results)

Advanced Programming in the UNIX Environment
47,53 € *
plus shipping where applicable

Master the system calls at the heart of today's UNIX and Linux systems: the programming interfaces that drive the UNIX and Linux kernels and run everything from filesystems and multitasking to interprocess communication. A thorough knowledge of system calls is essential for every UNIX and Linux programmer -- and for 20 years, W. Richard Stevens' Advanced Programming in the Unix Environment has delivered that. Now, Stephen Rago has completely updated this classic to reflect modern distributions including Red Hat 2.6.x, Solaris 10 3, OS X 10.5.4, FreeBSD 7.0.5 -- and for the first time, Ubuntu. As in previous editions, Rago begins with essentials such as file and process control, carefully laying the groundwork for more advanced techniques. He supports his crystal-clear explanations with nearly 10,000 lines of code, all carefully tested on each of these leading versions and distributions. Rago begins with an up-to-date overview of the UNIX System, its standardization processes, and its diverse implementations. Next, he introduces file I/O, files, directories, and the Standard I/O Library. You'll walk through working with UNIX/Linux system data files and information… controlling the process environment and its relationships… using signals, threads, and daemon processes… mastering advanced I/O techniques, interprocess communication, sockets, and advanced IPC… using Terminal I/O and Pseudo Terminals… working with database libraries, communicating with network printers, and much more. Appendices provide essential information on function prototypes, miscellaneous source code, and solutions to many of this guide's exercises. For all intermediate-to-advanced level UNIX programmers and software engineers.

Product Description

For more than twenty years, serious C programmers have relied on one book for practical, in-depth knowledge of the programming interfaces that drive the UNIX and Linux kernels: W. Richard Stevens’ Advanced Programming in the UNIX® Environment. Now, once again, Rich’s colleague Steve Rago has thoroughly updated this classic work. The new third edition supports today’s leading platforms, reflects new technical advances and best practices, and aligns with Version 4 of the Single UNIX Specification. Steve carefully retains the spirit and approach that have made this book so valuable. Building on Rich’s pioneering work, he begins with files, directories, and processes, carefully laying the groundwork for more advanced techniques, such as signal handling and terminal I/O. He also thoroughly covers threads and multithreaded programming, and socket-based IPC. This edition covers more than seventy new interfaces, including POSIX asynchronous I/O, spin locks, barriers, and POSIX semaphores. Most obsolete interfaces have been removed, except for a few that are ubiquitous. Nearly all examples have been tested on four modern platforms: Solaris 10, Mac OS X version 10.6.8 (Darwin 10.8.0), FreeBSD 8.0, and Ubuntu version 12.04 (based on Linux 3.2). As in previous editions, you’ll learn through examples, including more than ten thousand lines of downloadable, ISO C source code. More than four hundred system calls and functions are demonstrated with concise, complete programs that clearly illustrate their usage, arguments, and return values. To tie together what you’ve learned, the book presents several chapter-length case studies, each reflecting contemporary environments. Advanced Programming in the UNIX® Environment has helped generations of programmers write code with exceptional power, performance, and reliability. Now updated for today’s systems, this third edition will be even more valuable.

Features + Benefits

W. Richard Stevens' definitive, classic guide to UNIX® programming, now 100% updated for today's leading systems and distributions! The new third edition of Advanced Programming in the UNIX® Environment supports today's leading platforms, reflects new technical advances and best practices, and aligns with Version 4 of the Single UNIX Specification. This valuable tool begins with files, directories, and processes, carefully laying the groundwork for more advanced techniques, such as signal handling and terminal I/O, then thoroughly covers threads and multithreaded programming, and socket-based IPC. This edition covers more than seventy new interfaces, including POSIX asynchronous I/O, spin locks, barriers, and POSIX semaphores. Students are given examples, including more than ten thousand lines of downloadable, ISO C source code. More than four hundred system calls and functions are demonstrated with concise, complete programs that clearly illustrate their usage, arguments, and return values. To tie together what they've learned, the book presents several chapter-length case studies, each reflecting contemporary environments.

Seller: buecher
As of: 13.07.2020
The Art of Software Security Assessment
51,34 € *
plus shipping where applicable

Computer Software is an integral part of modern society. Companies rely on applications to manage client information, payment data, and inventory tracking. Consumers use software for a variety of different reasons as well--to manage their daily lives, to communicate with friends and family, and to browse resources made available on the internet, to name a few. With such a heavy reliance on software in our society, questions surrounding the security of the pieces of software performing these various tasks begin to arise. Is the software we are using really secure? How can we verify that it is? And what are the implications of a particular application being compromised? These are some of the questions that this book attempts to address. This book sheds light on the theory and practice of code auditing--how to rip apart an application and discover security vulnerabilities, whether they be simple or subtle, and how to assess the danger that each vulnerability represents.

Product Description

"There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude." -Halvar Flake, CEO and head of research, SABRE Security GmbH

The Definitive Insider's Guide to Auditing Software Security

This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws. The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.

Coverage includes
- Code auditing: theory, practice, proven methodologies, and secrets of the trade
- Bridging the gap between secure software design and post-implementation review
- Performing architectural assessment: design review, threat modeling, and operational review
- Identifying vulnerabilities related to memory management, data types, and malformed data
- UNIX/Linux assessment: privileges, files, and processes
- Windows-specific issues, including objects and the filesystem
- Auditing interprocess communication, synchronization, and state
- Evaluating network software: IP stacks, firewalls, and common application protocols
- Auditing Web applications and technologies

This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.

Contents

ABOUT THE AUTHORS
PREFACE
ACKNOWLEDGMENTS
I Introduction to Software Security Assessment
1 SOFTWARE VULNERABILITY FUNDAMENTALS
2 DESIGN REVIEW
3 OPERATIONAL REVIEW
4 APPLICATION REVIEW PROCESS
II Software Vulnerabilities
5 MEMORY CORRUPTION
6 C LANGUAGE ISSUES
7 PROGRAM BUILDING BLOCKS
8 STRINGS AND METACHARACTERS
9 UNIX I: PRIVILEGES AND FILES
10 UNIX II: PROCESSES
11 WINDOWS I: OBJECTS AND THE FILE SYSTEM
12 WINDOWS II: INTERPROCESS COMMUNICATION
13 SYNCHRONIZATION AND STATE
III Software Vulnerabilities in Practice
14 NETWORK PROTOCOLS
15 FIREWALLS
16 NETWORK APPLICATION PROTOCOLS
17 WEB APPLICATIONS
18 WEB TECHNOLOGIES
BIBLIOGRAPHY
INDEX

Seller: buecher
As of: 13.07.2020
The Definitive Guide to Linux Network Programming
47,99 € *
plus shipping where applicable

The Definitive Guide to Linux Network Programming, from 47.99 EUR. Softcover reprint of the original 1st ed.

Seller: ebook.de
As of: 13.07.2020
The Definitive Guide to SUSE Linux Enterprise S...
74,99 € *
plus shipping where applicable

The Definitive Guide to SUSE Linux Enterprise Server 12, from 74.99 EUR. 1st ed.

Seller: ebook.de
As of: 13.07.2020
The Definitive Guide to SUSE Linux Enterprise S...
77,49 € *
plus shipping where applicable

The Definitive Guide to SUSE Linux Enterprise Server, from 77.49 EUR. Softcover reprint of the original 1st ed.

Seller: ebook.de
As of: 13.07.2020
The Definitive Guide to SUSE Linux Enterprise S...
77,99 € *
plus shipping where applicable

The Definitive Guide to SUSE Linux Enterprise Server, from 77.99 EUR. 1st ed.

Seller: ebook.de
As of: 13.07.2020
Pluggable Authentication Modules: The Definitiv...
11,99 € *
plus shipping where applicable

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers, from 11.99 EUR.

Seller: ebook.de
As of: 13.07.2020