This book contains the following chapters:
Chapter 1 provides an overview of the problem, introduces
security terms and concepts, and provides insight as
to why so many vulnerabilities are found in C and
C++ programs.
Chapter 2 describes string manipulation in C and C++,
common security flaws, and resulting vulnerabilities
including buffer overflow and stack smashing. Both
code and arc injection exploits are examined. Chapter 3 introduces arbitrary memory write exploits that
allows an attacker to write a single address to any
location in memory. This chapter describes how
these exploits can be used to execute arbitrary
code on a compromised machine. Vulnerabilities
resulting from arbitrary memory writes are discussed
in later chapters.
Chapter 4 describes dynamic memory management.
Dynamically allocated buffer overflows, writing to
freed memory, and double-free vulnerabilities are
described.
Chapter 5 covers integral security issues (security issues dealing
with integers) including integer overflows, sign
errors, and truncation errors.
Chapter 6 describes the correct and incorrect use of
formatted output functions. Both format string and
buffer overflows vulnerabilities resulting from the
incorrect use of these functions are described.
Chapter 7 describes common vulnerabilities associated with file
I/O including race conditions and time of creation,
time of use (TOCTOU) vulnerabilities.
Chapter 8 recommends specific development practices for
improving the overall security of your C / C++
application. These recommendat the
recommendations included in each chapter for
addressing specific vulnerability classes.
This book focuses on programming flaws in C and C++ that are the most common causes of software vulnerabilities. However, because of size and space constraints, not every potential source of vulnerabilities is covered.
Chapter 1. Running with Scissors.
Chapter 2. Strings.
Chapter 3. Pointer Subterfuge.
Chapter 4. Dynamic Memory Management.
Chapter 5. Integer Security.
Chapter 6. Formatted Output.
Chapter 7. File I/O.
Chapter 8. Recommended Practices.