Secure C++ coding practices

Question

I am looking for a comprehensive record of secure coding practices in C++. Since i haven\'t found such a list existing here already we might as well make this into a community w

Answer 1

The SEI CERT C++ Coding Standard is especially developed to cover all kind of security issues. CERT stands for Computer Emergency Response Team, which is an expert group that handles computer security incidents.

Answer 2

The Joint Strike Fighter Air Vehicle C++ Coding Standards is a good start, even though it does apply mostly to reliability rather than security.

Answer 3

Herb Sutter "Exceptional C++" and "C++ Coding Standards". Invaluable.

Marshall Cline C++ faq. Will tell you everything about common pitfalls. Free online.

Answer 4

The book Writing Secure Code is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.

Answer 5

I found this book very useful Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

It has a lot of examples for both Linux (posix) and Windows unlike the previous mentioned Writing Secure Code, Second Edition.

Answer 6

Let me kick it off

• Avoid dynamically allocated memory using malloc
• (related) use fixed size array when ever possible, or infact in C++ avoid C style arrays when practical
• avoid the use of (void *)