Building Secure Software: How to Avoid Security Problems the Right Way
John Viega
Gary McGraw

ISBN-10: 020172152X
ISBN-13: 9780201721522

Publisher: Addison-Wesley Professional
Copyright: 2002
Format: Cloth; 528 pp
Published: 09/24/2001

Suggested retail price: $59.99
Buy from myPearsonStore

Building Secure Software cuts to the heart of computer security to help students get security right the first time. Bugs in software are a serious problem and students must learn to take that into consideration early on in the software development lifecycle. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If students learn to consider threats and vulnerabilities early in the development cycle they can build security into the system. With this book students will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.



Foreword.


Preface.

Organization.

Code Examples.

Contacting Us.



Acknowledgments.


1. Introduction to Software Security.

It's All about the Software.

Dealing with Widespread Security Failures.

Bugtraq.

CERT Advisories.

RISKS Digest.

Technical Trends Affecting Software Security.

The 'ilities.

What Is Security?.

Isn't That Just Reliability?

Penetrate and Patch Is Bad.

On Art and Engineering.

Security Goals.

Prevention.

Traceability and Auditing.

Monitoring.

Privacy and Confidentiality.

Multilevel Security.

Anonymity.

Authentication.

Integrity.

Know Your Enemy: Common Software Security Pitfalls.

Software Project Goals.

Conclusion.



2. Managing Software Security Risk.

An Overview of Software Risk Management for Security.

The Role of Security Personnel.

Software Security Personnel in the Life Cycle.

Deriving Requirements.

Risk Assessment.

Design for Security.

Implementation.

Security Testing.

A Dose of Reality.

Getting People to Think about Security.

Software Risk Management in Practice.

When Development Goes Astray.

When Security Analysis Goes Astray.

The Common Criteria.

Conclusion.



3. Selecting Technologies.

Choosing a Language.

Choosing a Distributed Object Platform.

CORBA.

DCOM.

EJB and RMI.

Choosing an Operating System.

Authentication Technologies.

Host-Based Authentication.

Physical Tokens.

Biometric Authentication.

Cryptographic Authentication.

Defense in Depth and Authentication.

Conclusion.



4. On Open Source and Closed Source.

Security by Obscurity.

Reverse Engineering.

Code Obfuscation.

Security for Shrink-Wrapped Software.

Security by Obscurity Is No Panacea.

The Flip Side: Open-Source Software.

Is the “Many-Eyeballs Phenomenon<170) Real?

Why Vulnerability Detection Is Hard.

Other Worries.

On Publishing Cryptographic Algorithms.

Two More Open-Source Fallacies.

The Microsoft Fallacy.

The Java Fallacy.

An Example: GNU Mailman Security.

More Evidence: Trojan Horses.

To Open Source or Not to Open Source.

Another Security Lesson from Buffer Overflows.

Beating the Drum.

Conclusion.



5. Guiding Principles for Software Security.

Principle 1: Secure the Weakest Link.

Principle 2: Practice Defense in Depth.

Principle 3: Fail Securely.

Principle 4: Follow the Principle of Least Privilege.

Principle 5: Compartmentalize.

Principle 6: Keep It Simple.

Principle 7: Promote Privacy.

Principle 8: Remember That Hiding Secrets Is Hard.

Principle 9: Be Reluctant to Trust.

Principle 10: Use Your Community Resources.

Conclusion.



6. Auditing Software.

Architectural Security Analysis.

Attack Trees.

Reporting Analysis Findings.

Implementation Security Analysis.

Auditing Source Code.

Source-level Security Auditing Tools.

Using RATS in an Analysis.

The Effectiveness of Security Scanning of Software.

Conclusion.



7. Buffer Overflows.

What Is a Buffer Overflow?

Why Are Buffer Overflows a Security Problem?

Defending against Buffer Overflow.

Major Gotchas.

Internal Buffer Overflows.

More Input Overflows.

Other Risks.

Tools That Can Help.

Smashing Heaps and Stacks.

Heap Overflows.

Stack Overflows.

Decoding the Stack.

To Infinity and Beyond!

Attack Code.

A UNIX Exploit.

What About Windows?

Conclusion.



8. Access Control.

The UNIX Access Control Model.

How UNIX Permissions Work.

Modifying File Attributes.

Modifying Ownership.

The umask.

The Programmatic Interface.

Setuid Programming.

Access Control in Windows NT.

Compartmentalization.

Fine-Grained Privileges.

Conclusion.



9. Race Conditions.

What Is a Race Condition?

Time-of-Check, Time-of-Use.

Broken passwd.

Avoiding TOCTOU Problems.

Secure File Access.

Temporary Files.

File Locking.

Other Race Conditions.

Conclusion.



10. Randomness and Determinism.

Pseudo-random Number Generators.

Examples of PRNGs.

The Blum-Blum-Shub PRNG.

The Tiny PRNG.

Attacks Against PRNGs.

How to Cheat in On-line Gambling.

Statistical Tests on PRNGs.

Entropy Gathering and Estimation.

Hardware Solutions.

Software Solutions.

Poor Entropy Collection: How to Read “Secret” Netscape Messages.

Handling Entropy.

Practical Sources of Randomness.

Tiny.

Random Numbers for Windows.

Random Numbers for Linux.

Random Numbers in Java.

Conclusion.



11. Applying Cryptography.

General Recommendations.

Developers Are Not Cryptographers.

Data Integrity.

Export Laws.

Common Cryptographic Libraries.

Cryptlib.

OpenSSL.

Crypto++.

BSAFE.

Cryptix.

Programming with Cryptography.

Encryption.

Hashing.

Public Key Encryption.

Threading.

Cookie Encryption.

More Uses for Cryptographic Hashes.

SSL and TLS (Transport Layer Security.

Stunnel.

One-Time Pads.

Conclusion.



12. Trust Management and Input Validation.

A Few Words on Trust.

Examples of Misplaced Trust.

Trust Is Transitive.

Protection from Hostile Callers.

Invoking Other Programs Safely.

Problems from the Web.

Client-side Security.

Perl Problems.

Format String Attacks.

Automatically Detecting Input Problems.

Conclusion.



13. Password Authentication.

Password Storage.

Adding Users to a Password Database.

Password Authentication.

Password Selection.

More Advice.

Throwing Dice.

Passphrases.

Application-Selected Passwords.

One-Time Passwords.

Conclusion.



14. Database Security.

The Basics.

Access Control.

Using Views for Access Control.

Field Protection.

Security against Statistical Attacks.

Conclusion.



15. Client-side Security.

Copy Protection Schemes.

License Files.

Thwarting the Casual Pirate.

Other License Features.

Other Copy Protection Schemes.

Authenticating Untrusted Clients.

Tamperproofing.

Antidebugger Measures.

Checksums.

Responding to Misuse.

Decoys.

Code Obfuscation.

Basic Obfuscation Techniques.

Encrypting Program Parts.

Conclusion.



16. Through the Firewall.

Basic Strategies.

Client Proxies.

Server Proxies.

SOCKS.

Peer to Peer.

Conclusions.



Appendix A. Cryptography Basics.

The Ultimate Goals of Cryptography.

Attacks on Cryptography.

Types of Cryptography.

Symmetric Cryptography.

Types of Symmetric Algorithms.

Security of Symmetric Algorithms.

Public Key Cryptography.

Cryptographic Hashing Algorithms.

Other Attacks on Cryptographic Hashes.

What's a Good Hash Algorithm to Use?

Digital Signatures.

Conclusions.



References.


Index.

John Viega is the CTO of Secure Software Solutions (www.securesw.com) and a noted expert in the area of software security. He is responsible for numerous tools in this area, including code scanners (ITS4 and RATS), random number suites (EGADS), automated repair tools, and secure programming libraries. He is also the original author of Mailman, the GNU mailing list manager.

Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books Building Secure Software and Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.



"This book is useful, practical, understandable, and comprehensive. The fact that you have this book in your hands is a step in the right direction. Read it, learn from it. And then put its lessons into practice."
--From the Foreword by Bruce Schneier, CTO, Counterpane, and author of Secrets and Lies
"A must-read for anyone writing software for the Internet."
--Jeremy Epstein, Director, Product Security and Performance, webMethods
"This book tackles complex application security problems like buffer overflows, race conditions, and applied cryptography in a manner that is straightforward and easy to understand. This is a must for any application developer or security professional."
--Paul Raines, Global Head of Information Risk Management, Barclays Capital

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.

Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use--from managers to coders--this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.

Inside you'll find the ten guiding principles for software security, as well as detailed coverage of:

  • Software risk management for security
  • Selecting technologies to make your code more secure
  • Security implications of open source and proprietary software
  • How to audit software
  • The dreaded buffer overflow
  • Access control and password authentication
  • Random number generation
  • Applying cryptography
  • Trust management and input
  • Client-side security
  • Dealing with firewalls

Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers' trust.



020172152XB08202001

View a Sample Chapter PDF: /samplechapter/020172152X.pdf

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, contact your Pearson Higher Education representative for pricing and ordering information.

This title is a member of the Addison-Wesley Professional Computing Series, which also contains the titles below . You can also visit the Addison-Wesley Professional Computing Series page.

    This book provides designers and developers the tools required to understand CORBA technology at the architectural, design, and code levels.This book offers hands-on explanations for building efficient applications, as well as lucid examples that provide practical advice on avoiding costly mistakes. With this book as a guide, programmers will find the support they need to successfully undertake CORBA development projects. The content is systematically arranged and presented so the book may be used as both a tutorial and a reference. The rich example programs in this definitive text show CORBA developers how to write clearer code that is more maintainable, portable, and efficient. The authors' detailed coverage of the IDL-to-C++ mapping moves beyond the mechanics of the APIs to discuss topics such aspotential pitfalls and efficiency. An in-depth presentation of the new Portable Object Adapter (POA) explains how to take advantage of its numerous features to create scalable and high-performance servers. In addition, detailed discussion of advanced topics, such as garbage collection and multithreading, provides developers with the knowledge they need to write commercial applications.

  • 0201379279Advanced CORBA® Programming with C++
    Henning & Vinoski
    © 1999 | Addison-Wesley Professional | Paper; 1120 pages | Instock
    ISBN-10: 0201379279 | ISBN-13: 9780201379273
    Brief Description | Buy from myPearsonStore

  • 0321525949Advanced Programming in the UNIX Environment: Paperback Edition, 2/E
    Stevens & Rago
    © 2008 | Addison-Wesley Professional | Paper; 960 pages | Instock
    ISBN-10: 0321525949 | ISBN-13: 9780321525949
    Buy from myPearsonStore

    • Advanced Programming in the Unix Environment is a must-have volume

    describing and illustrating the programming interface to the Unix system.

    Author builds on the basic information presented in the first 15 chapters to

    provide chapter-length examples illustrating among other things how to

    develop a database library as well as a postscript print driver.

    The book progresses from basic topics such as file systems, directories, and

    signals to more advanced topics including interprocess communications,

    threads and multi-threaded programming. Extensive code examples in C

    combined with a clear writing style make the more difficult aspects of Unix

    programming easy to master. This invaluable tutorial and reference teaches

    even the more experienced programmer how to get the most of their Unix

    system whether its Linux, Solaris, Free BSD or Mac OS X.

  • 0201433079Advanced Programming in the UNIX® Environment, 2/E
    Stevens & Rago
    © 2005 | Addison-Wesley Professional | Cloth; 960 pages | Instock
    ISBN-10: 0201433079 | ISBN-13: 9780201433074
    Brief Description | Buy from myPearsonStore

    • The changes to UNIX programming that have taken place since 1985 are extensive to say the least. The first edition of Advanced UNIX Programming is still used and considered to be a must have book on any UNIX programmer's shelf.

    With this new edition UNIX programmers now have a one-volume, comprehensive, in-depth guide to the essential system-level services provided to them by the UNIX family of operating systems - now including Linux, FreeBSD, and the Mac OS X kernel (Darwin). All UNIX application programs, regardless of what language they are written in, run on top of these services, so mastering them is essential for successful UNIX programming. And, with a movement towards open-source systems, programmers will appreciate the book's emphasis on portability.

  • 0131411543Advanced UNIX Programming, 2/E
    Rochkind
    © 2004 | Addison-Wesley Professional | Paper; 736 pages | Instock
    ISBN-10: 0131411543 | ISBN-13: 9780131411548
    Brief Description | Buy from myPearsonStore

    • The Art of UNIX Programming poses the belief that understanding the unwritten UNIX engineering tradition and mastering its design patterns will help programmers of all stripes to become better programmers. This book attempts to capture the engineering wisdom and design philosophy of the UNIX, Linux, and Open Source software development community as it has evolved over the past three decades, and as it is applied today by the most experienced programmers.

    Eric Raymond offers the next generation of “hackers” the unique opportunity to learn the connection between UNIX philosophy and practice through careful case studies of the very best UNIX/Linux programs. In addition, commentary is provided by Brian Kernighan, UNIX pioneer and best-selling author; Doug McIlroy, the inventor of the UNIX pipg; David Korn, the inventor of the korn shell; Jim Gettys and Keith Packard, inventors of X windows; Henry Spencer, an original UNIX hacker; and Ken Arnold, an original BSD developer and JINI creator; Mike Lesk, author of the legendary uucp, lex, and tbl programs; and Sturat Feldman, author of UNIX's famous make utility.

    The book is divided into 4 parts. Part I explores the philosophy behind the development of UNIX. Part II explores design principles and patterns that are at the core of the UNIX tradition. Part III covers the rich UNIX tradition of reuse and the amazing variety of programming tools available to the UNIX developer. Part IV explores the UNIX open standards process, and the advantage in portability that UNIX enjoys.

  • 0131429019The Art of UNIX Programming
    Raymond
    © 2004 | Addison-Wesley Professional | Paper; 560 pages | Instock
    ISBN-10: 0131429019 | ISBN-13: 9780131429017
    Brief Description | Buy from myPearsonStore

    • Building Secure Software cuts to the heart of computer security to help students get security right the first time. Bugs in software are a serious problem and students must learn to take that into consideration early on in the software development lifecycle. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If students learn to consider threats and vulnerabilities early in the development cycle they can build security into the system. With this book students will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.

  • 020172152XBuilding Secure Software: How to Avoid Security Problems the Right Way
    Viega & McGraw
    © 2002 | Addison-Wesley Professional | Cloth; 528 pages | Instock
    ISBN-10: 020172152X | ISBN-13: 9780201721522
    Brief Description | Buy from myPearsonStore

  • 0201498413C Interfaces and Implementations: Techniques for Creating Reusable Software
    Hanson
    © 1997 | Addison-Wesley Professional | Paper; 544 pages | Instock
    ISBN-10: 0201498413 | ISBN-13: 9780201498417
    Buy from myPearsonStore

    • Published in 1995, Design Patterns: Elements of Reusable Object-Oriented Software has elicited a great deal of praise from the press and readers. The 23 patterns contained in the book have become an essential resource for anyone developing reusable software designs. In response to a great number of requests from readers of the book and from the object-oriented community as a whole, these designs patterns, along with the entire text of the book, are being made available on CD. This electronic version will enable students to install the patterns directly onto a computer and create an architecture for using and building reusable components. Produced in HTML format, the CD is heavily cross-referenced with numerous links to the online text.

  • 0201634988Design Patterns CD: Elements of Reusable Object-Oriented Software
    Gamma, Helm, Johnson & Vlissides
    © 1998 | Addison-Wesley Professional | CD-ROM Only; 2 pages | Instock
    ISBN-10: 0201634988 | ISBN-13: 9780201634983
    Brief Description | Buy from myPearsonStore

    • Capturing a wealth of experience about the design of object-oriented software, four top-notch designers present a catalog of simple and succinct solutions to commonly occurring design problems. Previously undocumented, these 23 patterns allow designers to create more flexible, elegant, and ultimately reusable designs without having to rediscover the design solutions themselves.
    • The authors begin by describing what patterns are and how they can help you design object-oriented software. They then go on to systematically name, explain, evaluate, and catalog recurring designs in object-oriented systems. With Design Patterns as your guide, you will learn how these important patterns fit into the software development process, and how you can leverage them to solve your own design problems most efficiently.

  • 0201633612Design Patterns: Elements of Reusable Object-Oriented Software
    Gamma, Helm, Johnson & Vlissides
    © 1995 | Addison-Wesley Professional | Cloth; 416 pages | Instock
    ISBN-10: 0201633612 | ISBN-13: 9780201633610
    Brief Description | Buy from myPearsonStore

    • Effective C++ 3/e is a complete update of Effective C++ and Effective C++ 2/e .

    Like its predecessors, 3/e has 55 guidelines which contain better, more

    effective ways to write code, backed by specific examples. The second edition

    published in 1997, and was basically a face-lift of the first edition, keeping most

    of the same elements, and seven years later is still selling well.

    Now, Meyers has dramatically rejuvenated the material, including more than

    50% brand-new material. Meyers began this edition by asking himself, "What

    are the 55 most important pieces of advice for practicing C++ programmers in

    2005?" He also asked thousands of past users of his books this same question.

    This resulted in a completely new book. New material includes use of UML

    notation, thread safety, exception safety, design patterns, and templates. Any

    older material has been revitalized to reflect new ideas and strides in C++

    development.

  • 0321334876Effective C++: 55 Specific Ways to Improve Your Programs and Designs, 3/E
    Meyers
    © 2005 | Addison-Wesley Professional | Paper; 320 pages | Instock
    ISBN-10: 0321334876 | ISBN-13: 9780321334879
    Brief Description | Buy from myPearsonStore

    • C++'s Standard Template Library is revolutionary, but learning to use it well has always been a challenge for students. In Effective STL, best-selling author Scott Meyers (Effective C++, More Effective C++) reveals the critical rules of thumb employed by the experts -- the things they almost always do or almost always avoid doing -- to get the most out of the library. This book offers clear, concise, and concrete guidelines to C++ programmers. While other books describe what's in the STL, Effective STL shows the student how to use it. Each of the book's 50 guidelines is backed by Meyers' legendary analysis and incisive examples, so the student will learn not only what to do, but also when to do it - and why.

  • 0201749629Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library
    Meyers
    © 2001 | Addison-Wesley Professional | Paper; 288 pages | Instock
    ISBN-10: 0201749629 | ISBN-13: 9780201749625
    Brief Description | Buy from myPearsonStore

    • The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing readers how to think about threats and solutions. The completely updated and expanded second edition defines the security problems students face in today's Internet, identifies the weaknesses of the most popular security technologies, and illustrates the ins and outs of deploying an effective firewall. Students learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers. Written by well-known senior researchers at AT&T Bell Labs, Lumeta, and Johns Hopkins University the students will benefit from the actual, real-world experiences of the authors maintaining, improving, and redesigning AT&T's Internet gateway.

  • 020163466XFirewalls and Internet Security: Repelling the Wily Hacker, 2/E
    Cheswick, Bellovin & Rubin
    © 2003 | Addison-Wesley Professional | Paper; 464 pages | Instock
    ISBN-10: 020163466X | ISBN-13: 9780201634662
    Brief Description | Buy from myPearsonStore

    • Forensic computing is gathering and analyzing data in a manner as free from

    distortion as possible to reconstruct data or what has happened in the past on a

    system. Many of the tools presented in this book were developed and used first

    by the authors. This is the book by the people who wrote the original versions

    of forensic tools that are now widely used. The thrust of the book deals with

    the collection and use of computer evidence to apprehend the hacker and, once

    apprehended, to either prosecute or defend. The majority of examples are from

    Solaris, FreeBSD, and Linux systems, Microsoft's Windows shows up as well.

  • 020163497XForensic Discovery
    Farmer & Venema
    © 2005 | Addison-Wesley Professional | Cloth; 240 pages | Instock
    ISBN-10: 020163497X | ISBN-13: 9780201634976
    Brief Description | Buy from myPearsonStore

  • 0321618092Forensic Discovery
    Farmer & Venema
    © 2005 | Addison-Wesley Professional | On-line Supplement | Estimated Availability: 12/27/2004
    ISBN-10: 0321618092 | ISBN-13: 9780321618092
    URL: http://safari.informit.com


    • We are fast entering the age of gigabit networking, where information ispassed along wide area and local area networks at speeds surpassing onebillion bits per second. With improvements in fiber optic signalling and thedevelopment of inexpensive high-performance computers, both thecapability and the demand for gigabit networking are here.

    • As a networking professional who needs to prepare for the immediatefuture of computer networking, you will find Gigabit Networking afascinating and practical look at the advances that are making high-speednetworking a reality. Key technologies, important protocols, applications,and the practical issues involved in implementing gigabit networks are alladdressed. The book covers in detail such topics as:
    • - Fiber optics (written for non-engineers)
    • - Cell and non-cell networking, including Asynchronous Transfer Mode (ATM)
    • - Exciting applications that utilize gigabit networking
    • - Integrating gigabit networking into existing systems
    • - Adapting today's protocols for gigabit networking

    In addition to the current status of the technology, Gigabit Networking looks ahead to the ongoing research that will shape the future of gigabit networking.

    This important book will bring you up to date on the state of gigabitnetworking, and will give you the knowledge you need to launch yourselfinto the age of truly high-speed networking.

  • 0201563339Gigabit Networking
    Partridge
    © 1994 | Addison-Wesley Professional | Paper; 416 pages | Estimated Availability: 10/30/1993
    ISBN-10: 0201563339 | ISBN-13: 9780201563337
    Brief Description | Buy from myPearsonStore

  • 0201634481Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, 2/E
    Perlman
    © 2000 | Addison-Wesley Professional | Cloth; 560 pages | Instock
    ISBN-10: 0201634481 | ISBN-13: 9780201634488
    Buy from myPearsonStore

  • 0201633620Large-Scale C++ Software Design
    Lakos
    © 1996 | Addison-Wesley Professional | Paper; 896 pages | Instock
    ISBN-10: 0201633620 | ISBN-13: 9780201633627
    Buy from myPearsonStore

  • 020163371XMore Effective C++: 35 New Ways to Improve Your Programs and Designs
    Meyers
    © 1996 | Addison-Wesley Professional | Paper; 336 pages | Instock
    ISBN-10: 020163371X | ISBN-13: 9780201633719
    Buy from myPearsonStore

    • With the same insight and authority that made their book The Unix Programming Environment a classic, Brian Kernighan and Rob Pike have written The Practice of Programming to help make individual programmers more effective and productive. This book is full of practical advice and real-world examples in C, C++, Java, and a variety of special-purpose languages. Kernighan and Pike have distilled years of experience writing programs, teaching, and working with other programmers to create this book. Anyone who writes software will profit from its principles and guidance.

  • 020161586XThe Practice of Programming
    Kernighan & Pike
    © 1999 | Addison-Wesley Professional | Paper; 288 pages | Instock
    ISBN-10: 020161586X | ISBN-13: 9780201615869
    Brief Description | Buy from myPearsonStore

    • The STL Tutorial and Reference Guide is highly acclaimed as the most accessible, comprehensive, and practical introduction to the Standard Template Library (STL). Encompassing a set of C++ generic data structures and algorithms, STL provides reusable, interchangeable components adaptable to many different uses without sacrificing efficiency. Written by authors who have been instrumental in the creation and practical application of STL, STL Tutorial and Reference Guide, Second Edition includes a tutorial, a thorough description of each element of the library, numerous sample applications, and a comprehensive reference. Many new code examples throughout the book illustrate individual concepts and techniques, while larger sample programs demonstrate the use of the STL in real-world C++ software development.

  • 0201379236STL Tutorial and Reference Guide: C++ Programming with the Standard Template Library, 2/E
    Musser, Derge & Saini
    © 2001 | Addison-Wesley Professional | Cloth; 560 pages | Instock
    ISBN-10: 0201379236 | ISBN-13: 9780201379235
    Brief Description | Buy from myPearsonStore

    • For students writing applications that run over TCP/IP, or for those responsible for managing and maintaining a TCP/IP internet, this book's innovative approach helps readers at all levels to truly understand how TCP/IP really works. Rather than just describing the protocols from an abstract, standards-related point of view-describing what the standards say the protocol suite should do-TCP/IP Illustrated, Volume 1 actually shows the protocols in action. Stevens also recognizes that readers deal with multiple TCP/IP implementations on heterogeneous platforms. Therefore, the examples in this book show how current, popular TCP/IP implementations operate-SunOS 4.1.3, Solaris 2.2, System V Release 4, BSD/386, AIX 3.2.2, and 4.4 BSD-and they relate these real-world implementations to the RFC standards.

  • 0201633469TCP/IP Illustrated, Volume 1: The Protocols
    Stevens
    © 1994 | Addison-Wesley Professional | Cloth; 600 pages | Instock
    ISBN-10: 0201633469 | ISBN-13: 9780201633467
    Brief Description | Buy from myPearsonStore

    • Bestselling author W. Richard Stevens teams up with long-time colleague and TCP/IP expert Gary Wright in TCP/IP Illustrated, Volume 2. Unlike other books on the subject, TCP/IP Illustrated, Volume 2 presents the de facto standard implementation of TCP/IP from the 4.4 BSD release. The authors use a teach-by-example approach that combines hundreds of pictures and descriptions of all data structures and algorithms with 15,000 lines of code to help readers master the TCP/IP protocol suite. The book's timely coverage includes the newest TCP/IP features: multicasting, TCP's window scale and timestamp options, and protection against wrapped sequence numbers.

  • 020163354XTCP/IP Illustrated, Volume 2: The Implementation
    Wright & Stevens
    © 1995 | Addison-Wesley Professional | Cloth; 1200 pages | Instock
    ISBN-10: 020163354X | ISBN-13: 9780201633542
    Brief Description | Buy from myPearsonStore

  • 0201634953TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX® Domain Protocols
    Stevens
    © 1996 | Addison-Wesley Professional | Cloth; 352 pages | Instock
    ISBN-10: 0201634953 | ISBN-13: 9780201634952
    Buy from myPearsonStore

    • Since Tcl and the Tk Toolkit is written by the creator of the Tcl scripting language and the Tk toolkit, this book is the single authoritative resource for anyone who wants to produce far more powerful X Window System applications in a fraction of the time that would otherwise be required. Tcl and the Tk Toolkit offers an introduction and overview of this impressive programming environment, including detailed instructions for script writing in Tcl and working with the Tk toolkit. The book also describes the C interfaces for Tcl and Tk for those readers who wish to extend their built-in features by writing new C commands.

  • 020163337XTcl and the Tk Toolkit
    Ousterhout
    © 1994 | Addison-Wesley Professional | Paper; 480 pages | Out of Stock
    ISBN-10: 020163337X | ISBN-13: 9780201633375
    Brief Description

  • 0201633388UNIX® Systems for Modern Architectures: Symmetric Multiprocessing and Caching for Kernel Programmers
    Schimmel
    © 1994 | Addison-Wesley Professional | Paper; 432 pages | Instock
    ISBN-10: 0201633388 | ISBN-13: 9780201633382
    Brief Description | Buy from myPearsonStore

    • In this book, the authors offer unprecedented, start-to-finish guidance on making the most of sockets, the de facto standard for UNIX network programming. The authors begin by introducing virtually every basic capability of TCP and UDP sockets, including socket functions and options, I/O multiplexing, and name and address conversions. They present detailed coverage of the Posix.1g standard for sockets and the Posix threads. They also introduce advanced techniques for: establishing IPv4/IPv6 interoperability, implementing non-blocking I/O, routing sockets, broadcasting and multicasting, IP options, multithreading, advanced name and address conversions, UNIX domain protocols, and raw sockets.

    Teaches students how to choose among today's leading client/server design approaches, including TCP iterative, concurrent, preforked and prethreaded servers.

    The Internet/intranet revolution has dramatically increased the demand for students graduating with a sophisticated understanding of network programming APIs, especially sockets. This book helps students achieve that goal.

  • 0131411551Unix Network Programming, Volume 1: The Sockets Networking API, 3/E
    Stevens, Fenner & Rudoff
    © 2004 | Addison-Wesley Professional | Cloth; 1024 pages | Instock
    ISBN-10: 0131411551 | ISBN-13: 9780131411555
    Brief Description | Buy from myPearsonStore

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students, browse our available packages below, or contact your Pearson Higher Education representative to create your own package.



Copyright ©2008 Pearson Education. All rights reserved. Legal Notice | Privacy Policy | Permissions