Secure Programming Cookbook for C and C++
by John Viega and Matt Messier
O'Reilly, 2003.
ISBN 0-596-00394-3. 762 pages
Reviewed by Robert Bruen November 8, 2003
Writing secure code is hard, even if you are allowed to do it while working on your project. Viega has already contributed an excellent book on secure coding (Building Secure Software, Addison-Wesley 2002), but there is nothing like a cookbook full of good examples. The recipes are generally organized as a problem statement, a discussion of the salient points, and a code recipe that deals with the problem.
The recipes can be used directly in your code. They can also be used as a model for how to go about coding for the stated problem or a similar one. Best of all, they can be used to learn how it is done from people who know how it is done, because the reasons and the explanations are so good.
In the earliest days of programming (i.e. banks and COBOL), input validation was a standard part of programming courses and practice. Somehow that concept was lost, with the expected consequences, as demonstrated over the past decade. Sending malformed requests to web servers is a common practice, for example. The authors have brought input validation back in one of the chapters, and they say that most of the book is really about preventing malicious input in one way or another. The principles are simple: do not trust any input, period; reject rather than filter; validate a lot, at each level. In general, you follow firewall principles: deny (reject) everything, then allow only specific input for a specific reason. All programmers are aware that C has a few features that are inherently insecure, such as unchecked library functions and the absence of bounds checking by the language itself.
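To make those three principles concrete, here is a small C example written for this review; it is not code from the book. It assumes a hypothetical service that reads a username and a port number from an untrusted client. validate_username() is the "reject rather than filter" approach: the whole string must match an allowlist (assumed here to be 1 to 32 bytes of [a-z0-9_], starting with a letter) or it is refused outright. filter_username() is the "filter" approach the book argues against, included only to show the failure mode: stripping bad bytes turns "ad'min" into "admin", silently accepting an identity the client never presented. parse_port() is a second validation layer for a numeric field, checking everything strtol() is lenient about (leading whitespace, signs, trailing junk, overflow) instead of trusting the library. The sample inputs in main() are constructed for the demonstration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy for this example (not from the book). */
enum { USERNAME_MAX = 32 };

static bool allowed_username_byte(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
}

/* Reject-not-filter: accept the string only if every byte passes the allowlist,
 * the length is within policy, and the first byte is a letter. Nothing is
 * repaired; any violation means the whole input is refused. */
bool validate_username(const char *s)
{
    if (s == NULL)
        return false;
    size_t i = 0;
    /* Walk at most USERNAME_MAX+1 bytes so an unterminated buffer cannot be over-read. */
    for (; i <= USERNAME_MAX && s[i] != '\0'; i++) {
        if (!allowed_username_byte((unsigned char)s[i]))
            return false;
    }
    if (i == 0 || i > USERNAME_MAX)   /* empty, too long, or no terminator in range */
        return false;
    if (s[0] < 'a' || s[0] > 'z')     /* must start with a letter */
        return false;
    return true;
}

/* The "filter" alternative: drop disallowed bytes and keep going.
 * Shown only to illustrate why it is weaker. Returns bytes written (without NUL). */
size_t filter_username(const char *s, char *dst, size_t dstlen)
{
    size_t n = 0;
    if (dstlen == 0)
        return 0;
    for (size_t i = 0; s[i] != '\0' && n + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)s[i];
        if (allowed_username_byte(c))
            dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return n;
}

/* Second layer, numeric field. strtol() accepts leading whitespace, a sign, and
 * trailing garbage, so each is checked explicitly. Returns -1 on rejection. */
int parse_port(const char *s)
{
    if (s == NULL || s[0] < '0' || s[0] > '9')   /* digits only: no space, no sign */
        return -1;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0')   /* overflow or trailing junk */
        return -1;
    if (v < 1 || v > 65535)
        return -1;
    return (int)v;
}

int main(void)
{
    /* Constructed sample inputs for the demonstration. */
    const char *inputs[] = { "alice_01", "Alice", "ad'min", "", "9lives" };
    char buf[USERNAME_MAX + 1];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        filter_username(inputs[i], buf, sizeof buf);
        printf("%-10s reject-mode: %s   filter-mode yields: \"%s\"\n",
               inputs[i], validate_username(inputs[i]) ? "accept" : "REJECT", buf);
    }
    printf("port \"8080\" -> %d, \"80 \" -> %d, \"+80\" -> %d\n",
           parse_port("8080"), parse_port("80 "), parse_port("+80"));
    return 0;
}
```

The bounded loop in validate_username() is the same habit the book presses throughout: never let the length of untrusted data decide how far you read.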
The buffer overflow problem is a well-known, pervasive problem that has been around for quite a while. One would think that these days anyone writing code would pay attention, but one would be wrong. I choose to believe that the real source of the continuing problem is that some programmers just do not understand enough about how to avoid it. This book is where those programmers can get help.
Cross-site scripting (XSS) problems seem to appear almost daily in one web application or another. One would expect that, as with buffer overflows, there should be fewer of them because of the publicity XSS has received. Again, the problem continues anew. There is a good technical description of how it happens and some good pointers on how to prevent it. SQL injection and the problems of environment variables are addressed in the same well-thought-out manner.
Much of the book deals with cryptography issues such as random numbers, public keys, and authentication. There is a chapter on symmetric encryption fundamentals and another on more advanced topics. The networking chapter covers SSL, Kerberos, sockets and other connections. There does not seem to be anything that was overlooked, but I will keep trying to find it.
One especially interesting chapter looks at the problem of software protection. It is a timely topic as vendors look for software solutions to protect copyrighted material and for lockouts that prevent CDs and DVDs from being played. Reverse engineering will probably always win out, but at least analyzing the various approaches is a good exercise. This is one of the few places assembly language shows up, which highlights how technical the book is.
The Secure Programming Cookbook assumes a fair amount of knowledge and is aimed at the programmer, providing help where it counts: in writing code. This is a highly recommended book for those writing code, but anyone who wants to truly understand what secure code is about would benefit from reading it.