Secure C++ coding practices

I am looking for a comprehensive record of secure coding practices in C++. Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc.

NB: Besides coding practices, secure libraries that defend against these kinds of attacks are worth mentioning too.

LE: As suggested by MSalters in comments, this question has been split into two separate questions, one for C++ and one for C. Also see Secure C coding practices.


The book Writing Secure Code (only sample pages in this link) is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.


Herb Sutter "Exceptional C++" and "C++ Coding Standards". Invaluable.

Marshall Cline C++ FAQ. Will tell you everything about common pitfalls. Free online.


The Joint Strike Fighter Air Vehicle C++ Coding Standards is a good start, even though it does apply mostly to reliability rather than security.


The SEI CERT C++ Coding Standard is especially developed to cover all kinds of security issues. CERT stands for Computer Emergency Response Team, which is an expert group that handles computer security incidents.


I found this book very useful: Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

It has a lot of examples for both Linux (POSIX) and Windows, unlike the previously mentioned Writing Secure Code, Second Edition.


Let me kick it off

  • Avoid dynamically allocated memory using malloc
  • (related) Use fixed-size arrays whenever possible, or in fact, in C++, avoid C-style arrays when practical
  • Avoid the use of (void *)
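
The practices in the list above, applied to reading a length-prefixed field from untrusted bytes, as an added example that is not part of the original answer. The record format and the names `Bytes`, `checked_add`, `read_field`, `lookup` and `parses_cleanly` are constructed for illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;  // typed, owns its storage: no malloc/free, no void*

// Add two sizes, refusing to wrap around instead of silently overflowing.
std::size_t checked_add(std::size_t a, std::size_t b) {
    if (b > std::numeric_limits<std::size_t>::max() - a)
        throw std::overflow_error("size computation overflows");
    return a + b;
}

// Constructed format: 2-byte big-endian length, then that many payload bytes.
// Returns the payload as an owning container and advances `offset` past it.
Bytes read_field(const Bytes& buf, std::size_t& offset) {
    const std::size_t header_end = checked_add(offset, 2);
    if (header_end > buf.size())
        throw std::out_of_range("truncated length header");
    const std::size_t len = (std::size_t(buf[offset]) << 8) | buf[offset + 1];
    const std::size_t field_end = checked_add(header_end, len);
    if (field_end > buf.size())  // declared length exceeds what was received
        throw std::out_of_range("declared length exceeds buffer");
    Bytes payload(buf.begin() + header_end, buf.begin() + field_end);
    offset = field_end;
    return payload;
}

// Fixed-size table: std::array::at() throws where a C array would be read out of bounds.
std::uint8_t lookup(const std::array<std::uint8_t, 4>& table, std::size_t index) {
    return table.at(index);
}

// Yes/no wrapper: true only if the whole buffer is a sequence of well-formed fields.
bool parses_cleanly(const Bytes& buf) {
    try {
        std::size_t offset = 0;
        while (offset < buf.size()) read_field(buf, offset);
        return true;
    } catch (const std::exception&) {
        return false;
    }
}
```
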