Secure C++ coding practices

Question

I am looking for a comprehensive record of secure coding practices in C++. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..

NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.

LE: As suggested by MSalters in comments this question has been split into two separate questions one for C++ and one for C. Also see Secure C coding practices.

Answer 1

The book Writing Secure Code is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.

Answer 2

Herb Sutter "Exceptional C++" and "C++ Coding Standards". Invaluable.

Marshall Cline C++ faq. Will tell you everything about common pitfalls. Free online.

Answer 3

I found this book very useful Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

It has a lot of examples for both Linux (posix) and Windows unlike the previous mentioned Writing Secure Code, Second Edition.

Answer 4

The Joint Strike Fighter Air Vehicle C++ Coding Standards is a good start, even though it does apply mostly to reliability rather than security.

Answer 5

The SEI CERT C++ Coding Standard is especially developed to cover all kind of security issues. CERT stands for Computer Emergency Response Team, which is an expert group that handles computer security incidents.

Answer 6

Let me kick it off

• Avoid dynamically allocated memory using malloc
• (related) use fixed size array when ever possible, or infact in C++ avoid C style arrays when practical
• avoid the use of (void *)