Secure C++ coding practices

c++ security secure-coding
Shinnok picture Shinnok · Jan 24, 2011 · Viewed 7.9k times · Source

I am looking for a comprehensive record of secure coding practices in C++. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..

NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.

LE: As suggested by MSalters in comments this question has been split into two separate questions one for C++ and one for C. Also see Secure C coding practices.

Answer

klynch picture klynch · Jan 24, 2011

The book Writing Secure Code (only sample pages in this link) is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.

Related questions

Techniques for obscuring sensitive strings in C++

I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this: std::string myKey = "mysupersupersecretpasswordthatyouwillneverguess"; However, running the application through the strings process (or …

Read More
How to hide strings in a exe or a dll?

I discovered that it is possible to extract the hard-coded strings from a binary. For example the properties view of Process Explorer displays all the string with more than 3 characters. Here is the code of a simple executable that I …

Read More
Uniquely identify PC based on software/hardware

For a requirement to generate per-PC license keys, I need some code which will return a stable and (near) unique key on any PC. It doesn't have to be guaranteed unique, but close. It does need to be reasonably stable …

Read More