Search - みる会図書館 (Mirukai Library)

214,696 hits across all data.

Software Security: Building Security In


Chapter 1 Defining a Discipline

There are two main flavors of buffer overflows: those associated with stack-allocated buffers and those associated with heap-allocated buffers. Overflowing a stack-allocated buffer is the most common attack. This is known as "smashing the stack." The C Programming Language (the C "bible") shows C programmers how they should never get input (without saying "never") [Kernighan and Ritchie 1988, p. 164]. Since we teach people to program in C as an introduction to programming, we should not be surprised at how common buffer overflow vulnerabilities are. Many, many C library functions and arithmetic issues can lead to buffer overflows. Consider the snippet below. This is a dangerous piece of vulnerable code. Not only are we using gets() to get (unbounded) input, but we're using it to load a local variable on the stack. By providing just the right kind of input to this program, an attacker can obtain complete control over program control flow.

void main() {
    char buf[1024];
    gets(buf);
}

For more on buffer overflows, see Building Secure Software (where you are taught in excruciating detail how buffer overflows work) and Exploiting Software (which describes trampolining and other more advanced buffer overflow attacks, as well as plenty of real-world examples) [Viega and McGraw 2001; Hoglund and McGraw 2004]. If you are concerned about buffer overflow problems and other basic software security bugs, don't use C. If you must use C, use a source code security scanner as described in Chapter 4. By the way, C++ is even worse than C from a security perspective. C++ is C with an object model crammed halfway down its throat.

Flaw: A flaw is a problem at a deeper level. Flaws are often much more subtle than simply an off-by-one error in an array reference or use of an incorrect system call. A flaw is certainly instantiated in software code, but it is also present (or absent!) at the design level.
For example, a number of classic flaws exist in error-handling and recovery systems that fail in an insecure or inefficient fashion. Another example can be found in the box, Microsoft Bob: A Design Flaw, that follows. Automated technologies to detect design-level flaws do not yet exist, though manual risk-analysis processes can identify flaws (see Chapter 5). Table 1-2 provides some simple examples of bugs and flaws. In practice, we find that software security problems are divided 50/50 between bugs

C言語による画像処理入門 (Introduction to Image Processing using programming language C)


First edition, 1st printing: November 20, 2000. 2nd printing: February 20, 2001. 3rd printing: September 30, 2001. 4th printing: April 30, 2002. 5th printing: December 10, 2002. 6th printing: September 10, 2003. 7th printing: June 1, 2004. 8th printing: April 10, 2005. 9th printing: April 5, 2006. 10th printing: March 20, 2007. 11th printing: May 20, 2008.

About the authors: 安居院 猛 (Agui Takeshi), Doctor of Engineering. Completed the doctoral course at Tokyo Institute of Technology in 1964; Professor, Imaging Science and Engineering Laboratory, Faculty of Engineering, Tokyo Institute of Technology; currently Professor Emeritus, Tokyo Institute of Technology. 長尾 智晴 (Nagao Tomoharu), Doctor of Engineering. Completed the doctoral course at Tokyo Institute of Technology in 1984; Associate Professor, Imaging Science and Engineering Laboratory, Faculty of Engineering, Tokyo Institute of Technology; currently Professor, Graduate School of Environment and Information Sciences, Yokohama National University.

C言語による画像処理入門 (Introduction to Image Processing using programming language C). Authors: 安居院 猛, 長尾 智晴. Publisher: 阿井 國昭. Inspection stamp omitted with the authors' approval. The price is shown on the cover. Printed by 安信印刷工業株式会社, 2-13-5 Tsukishima, Chuo-ku, Tokyo. Bound by 広瀬製本所. Published by 株式会社 昭晃堂 (Shokodo), 48 Yaraicho, Shinjuku-ku, Tokyo 162-0805; postal transfer account 00130-0-139320; telephone (03) 3269-3449 (main line); FAX (03) 3269-1611. Printed in Japan. Member of the Japan Book Publishers Association, the Natural Science Book Association and the Engineering Book Association. ISBN 4-7856-3124-4.

(Work entrusted to 株 日本著作出版権管理システム.) Unauthorized reproduction of this book is prohibited except as permitted under copyright law. For reproduction, obtain prior permission each time from 株 日本著作出版権管理システム (telephone 03-3817-5670, FAX 03-3815-8199). http://www.shoko-do.co.jp/

The Best Software Writing I. Selected and Introduced by Joel Spolsky


PAUL FORD 81

Languages like those mentioned previously reward study because they represent the place where aesthetics touches computation—in CSound, for instance, there is a score file and an orchestra file; the orchestra contains a set of instruments, which are made up of oscillators, sound samples, and all manner of other time-bounded constructs: signals, lines, and waves. The score file is a collection of beats and variables that are fed to the instruments. There is a great deal to learn from such a language; it represents a very focused attempt to identify a creative grammar that is constrained by three things: (1) the computer's power to effectively manipulate only certain kinds of data, (2) the language developers' biases and understanding of their chosen discipline, and (3) the willingness of regular programmers to work within the limits of (1) and (2). I'm not suggesting that everyone learn these languages, but if, like me, you're interested in understanding what computers can do with media, and the cultural factors that go into building tools that create media on computers, you'll find that these languages are fascinating objects to study. CSound was the first programming language I learned, in 1996, using online documentation of such spotty quality that I was sent to the library to better understand oscillator theory and the differences between additive, subtractive, and granular syntheses, finally building a homegrown oscilloscope out of an old TV in order to see the patterns of energy inherent in the sound, trying to understand why a camel-backed sine wave sounded so different from a sawtooth wave's Matterhorn. One CSound file I compiled took 20 hours to build, because there were tens of thousands of interacting instruments, manipulating each other, reverberating all over the spectrum of audible sound. It sounded dreadful; I am not a good musician. But it was fascinating to look inside sound through that small language.
When I look at Processing, I see much that I learned from CSound translated to the visual realm (Processing supports sound, but only minimally). The oscillator in CSound is like a "for" loop in Processing; in the code I posted yesterday, squares rotate around a fixed point, each frame moving the squares forward a few pixels. In CSound I might define a series of oscillators that modulated one another; one oscillator's changing values might add tremolo to another oscillator's noisy chord. In Processing, looping values can be added to one another (with some data inserted from the mouse or other sources) that, instead of adding some

Two Scoops of Django: Best Practices for Django 1.8


13.3 Limit Processing in Templates

TIP: The Zen of Python. At the command line, do the following: python -c 'import this'. What you'll see is the Zen of Python, an eloquently-expressed set of guiding principles for the design of the Python programming language.

13.3 Limit Processing in Templates

The less processing you try to do in your templates, the better. This is particularly a problem when it comes to queries and iteration performed in the template layer. Whenever you iterate over a queryset in a template, ask yourself the following questions:

1. How large is the queryset? Looping over gigantic querysets in your templates is almost always a bad idea.
2. How large are the objects being retrieved? Are all the fields needed in this template?
3. During each iteration of the loop, how much processing occurs?

If any warning bells go off in your head, then there's probably a better way to rewrite your template code.

WARNING: Why Not Just Cache? Sometimes you can just cache away your template inefficiencies. That's fine, but before you cache, you should first try to attack the root of the problem. You can save yourself a lot of work by mentally tracing through your template code, doing some quick run time analysis, and refactoring.

Let's now explore some examples of template code that can be rewritten more efficiently.

Suspend your disbelief for a moment and pretend that the nutty duo behind Two Scoops ran a 30-second commercial during the Super Bowl. "Free pints of ice cream for the first million

Software Security: Building Security In


332 Appendix A Fortify Source Code Analysis Suite Tutorial

2. How do you know whether or not the SCA Engine was able to find and read all of the required files?

5. Exploring the Basic SCA Engine Command Line Arguments

This exercise continues the introduction of the Source Code Analysis Engine. In this exercise, you will experiment with the basic command line arguments accepted by the SCA Engine.

1. Consider the command line syntax:
- For C and C++ source code, the syntax is: sourceanalyzer [options] compiler [compiler-flags] files
- For Java source code, the syntax is: sourceanalyzer -cp classpath [options] files
- For a .NET executable, the syntax is: sourceanalyzer [options] -libdirs dirs executable

2. Experiment with the following basic command line arguments using the sample programs from the previous exercise.
- Compiler: For C and C++ code, the sourceanalyzer command is included in the compile line as a prefix to the actual build command, such as gcc or cl. For complex builds, the sourceanalyzer command is also used to intercept archiving commands, such as ar, and linking commands, such as link and ld. The SCA Engine interprets the flags passed in to the build command and adjusts its own operation accordingly, without affecting the actual build. For Java code, the compiler is implicitly javac.
- Output Format: -format format. This option specifies the output format. The default format is text. To select the Fortify Vulnerability Description Language (FVDL) format, which is the Fortify Software XML-based vulnerability description language, specify -format fvdl. You can also specify fvdl-zip, which produces a zipped FVDL file. FVDL is more verbose than text and is used by the Fortify Audit Workbench and other tools.
- Output Location: -f filename. This option specifies a file location to which the output will be

The Best Software Writing I. Selected and Introduced by Joel Spolsky


ERIC JOHNSON 131

The C programming language fit very naturally into this small, tranquil world. On most systems, C functions could call into FORTRAN and vice versa. In any given system, C could be the dominant, the subordinate, or the equal with its peers in a development context. Why is this so important? Because for any new technology to take root, it must successfully leverage existing legacy into which the contender wants to take over. That's just a fancy way of saying that it can't require an organization to rewrite everything from scratch. Leverage what's already there, and you're a helpful contributor. So C comes as a helper. What makes C++ so fascinating is that it first emerges as a helper, but with enough encouragement, it's transformed into the conqueror and eventually the new master to which all must yield. The C++ language was purposefully designed to subsume as much of the existing C language as possible. Only the most observant C++ language lawyer can articulate the areas in which C compatibility was not kept. So what does such "subsumption" get you? Existing C developers could be dropped, almost entirely unaware, into a C++ compiler. Yes, there were performance differences in those early days, and yes, C++ compilers have a cranky streak to them. Most C developers could be guilted into accepting such pedantic warnings. Those random warnings about undeclared functions always gnawed away at their conscience late at night anyway. And if that didn't get them, the high-falutin' talk of the wondrous powers of object-oriented programming shamed them into using the compiler. But in reality, all this meant was that existing C developers would continue to write C and merely append a few more letters to their compiler invocations and their world wasn't different. Not yet. But the trap was set. C++ made the switching easier since it easily consumed all of the functionality in an existing C domain. There was nothing to rewrite.
The only real code change to make was to declare those old-school functions with their "extern" magic and C++ could easily consume them. In years before, interoperability between a C function and a FORTRAN function required a little bit of thought and some understanding of how the two worlds work. How would floating-point values be passed? Is it pass by value or pass by reference? How do Boolean return values map between the two? C++ worked differently. Heck, it just worked.

The Best Software Writing I. Selected and Introduced by Joel Spolsky


80 THE BEST SOFTWARE WRITING I

bare-bones but clever IDE that allows you to click "play" to compile your applet. Processing's programming constructs are consistent and well thought out—essentially simplified Java, although "simplified" is the wrong word; it might be better to say "elegantized," because the authors of Processing have identified a target audience—geeky artists—and have created something out of Java's baroque environment that geeky artists can learn quickly and explore immediately; they've whittled down Java's carved-oak throne into a slick, Swiss sling-back chair on an aluminum frame. Why am I discussing this here? I have a passion, which I do not discuss in polite or easily bored company,5 for languages like Processing—computer languages that compile not to executable code but to aesthetic objects, whether pictures, songs, demos, or websites. Domain-specific languages like this include CSound, which compiles to sound files; POV-Ray, which compiles to 3D images; TeX, which compiles to typographically consistent manuscripts; or SVG (Scalable Vector Graphics), an XML schema that creates vector graphics. There are more general-purpose languages that are focused on meeting the needs of a particular kind of programmer: ActionScript undergirds Macromedia's Flash, and is ubiquitous across the Web; Graham Nelson's Inform, with its large library of community-developed enhancements, compiles to interactive text adventures. At the far end of the spectrum are totally general languages like C, Java, Perl, and Python, languages that are intended to let you do anything a computer can do. Processing lives somewhere between the former and the latter kinds of languages—it is, in one way, a general-purpose programming language (particularly as it can call any Java function), but it is also constrained by a very small set of primitives—points, spheres, rectangles, etc.—and a straightforward model of 3D space, and it compiles to a very specific kind of object: an interactive graphical widget. Processing is most like Inform in its focus on a specific goal: Inform would not be useful if you wanted to write a word processor, nor would Processing. But if you want to create a text adventure, Inform is a solid choice, much better than raw C, and if you want to create a 200x200 clickable thingy, Processing is a pretty good bet.

5. Now you know how I see my audience.

The Best Software Writing I. Selected and Introduced by Joel Spolsky


300 INDEX

performance measurement, 157
performance ranking team development, 158
Perl programming, 101
permalinks, 29
Peters, Chris, 174
Pfeffer, Jeffrey, 169
PHP, 27
Pilgrim, Mark, 114
Plato BBS system, 185
point-to-point two-way communication, pre-Internet, 151, 185
political influences in software success, 171-72
PowerPoint, why it's bad, 262, 264
Probst, Larry, 65
Processing programming language, 79-81
product development schedule overruns, 145
product/program managers, 144
professional vs. amateur programming, 135
programmers
  interesting work as motivation for, 98, 101
  management of, 97, 101
  and money, 97
  productivity of, 97
  vs. real world in pictures, 17
  values of as basis for software, 40
programming precision vs. flexibility, 27
programming language as medium of expression, 99
programming language book trends, 267
programming style
  as required language syntax, 27, 6
  punctuation in, 269-70
programs as aesthetic objects, 80
Python
  executable pseudocode, 73
  and great programming, 95, 98
  syntax, 72
  use of whitespace, 1
quality costs, getting programming right, 137
Raikes, Jeff, 174
ranking, of employees, 159
RDF, 27
reading programming code aloud for understanding, 269-70
Representational State Transfer (REST), 86-87
requirement for version control and bug tracking tools, 143
responsive software
sales success factors, 234
  customer community support, 242
  customer product awareness, 235
  demo availability, 240
  making web buying easy, 243

Software Security: Building Security In


Modern Risk Analysis 157

[Figure 5-3 A forest-level view of a standard-issue four-tier Web application. Client Tier: client computers running the Order Processing Web Interface and the Order Processing Rich Interface. Web Tier: Web Server and Directory. Application Tier: Application Servers running the Order Processing Application and a Remoting Service. Data Tier: Database Server holding the Order Database.]

specified mathematical model) makes risk analysis at the architectural level possible. Although one could contemplate using modeling languages, such as UMLsec, to attempt to model risks, even the most rudimentary analysis approaches can yield meaningful results. Consider Figure 5-3, which shows a simple four-tier deployment design pattern for a standard-issue Web-based application. If we apply risk analysis principles to this level of design, we can immediately draw some useful conclusions about the security design of the application. During the risk analysis process we should consider the following:

- The threats who are likely to want to attack our system
- The risks present in each tier's environment
- The kinds of vulnerabilities that might exist in each component, as well as the data flow
- The business impact of such technical risks, were they to be realized
- The probability of such a risk being realized

The Best Software Writing I. Selected and Introduced by Joel Spolsky


4 THE BEST SOFTWARE WRITING I

Think of it. All the programming examples in one style. Web pages, journals, papers, emails use one style. Reformatting issues gone. Arguments over whose style is better gone. Reformatters become a quaint historical artifact. And most of all: NO MORE STYLE WARS! Really! Think of all those cycles that we could then plow into something more productive, like vi/emacs wars! Or world peace! Or a really good chocolate cookie recipe! You choose! Of course, you will never enforce any style globally unless people have literally no choice. How many C programmers use "during" as a stylistic preference to the keyword while? (Preprocessor abusers need not apply. On second thought, please do: We need to identify you for our eugenics program.) Or skip the parentheses around an if clause? They don't because they can't. You know some would if they could. The thing that stops these "personal styles" is that the C compiler will not accept them. If you can't compile your code you fix it. It's so simple it's stupid. And therefore it works. So I want the owners of language standards to take this up. I want the next version of these languages to require any code that uses new features to conform to some style. Let the standards committees gnash and snarl and wring their hands over which of the common styles is the winner. Sell tickets. We all get to comment and the language standards geeks decide. We know where they'll go—C will go to K&R; C++ will go with Bjarne's style (excuse me while I cringe); Java will go with the Sun style as shown in the language spec and most of the Java books from Sun (including mine); Lisp style is almost already set mostly in stone. Perl is a vast swamp of lexical and syntactic swill and nobody knows how to format even their own code well, but it's the only major language I can think of (with the possible exception of the recent, yet very Java-like C#) that doesn't have at least one style that's good enough.
Some things are either uncheckable (Hungarian notation, using "get" and "set" method prefixes) or not widely agreed upon (such as import/#include ordering). These can be left for future standards. Or not. The owners of the standard decide. But whatever they do, they should set the style and build it into the actual freakin' grammar. This heresy encompasses one major sub-heresy: That whitespace should matter. Most style rules have to do with the placement of whitespace: newlines before or after curly braces, whitespace around operators or not,