•  23-10-2019
  •  | 
  •  

Question

I am looking for a comprehensive record of secure coding practices in C. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..

NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.

LE: As seen in this question Secure C++ coding practices but for C only.

Was it helpful?

Solution

The CERT C "de facto" standard is fairly well-known and addresses these issues at some extent:

SEI CERT C Coding Standard

There should be several static analyzers on the market that supports CERT C.

OTHER TIPS

Same answer Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

From the description:

Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems

  • How to properly SSL-enable applications

  • How to create secure channels for client-server communication without SSL

  • How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs

  • How to launch programs securely

  • How to use file access mechanisms properly

  • Techniques for protecting applications from reverse engineering
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top