C++: what are the most common vulnerabilities and how to avoid them?

Question

As I code, I try to be security-conscious all the time. The problem is that I need to know what to look for and what to prevent.

Is there a list somewhere of the most common (C++) software vulnerabilities and how to avoid them?

What about C++ software for specific uses, e.g. a linux console software or a web application?

Answer 1

Many resources are available, some in question are:

• SEI CERT C++ Coding Standard
• SEI CERT C Coding Standard
• The more language-agnostic Writing Secure Code book from Microsoft Press (funny, I know)
• David Wheeler's Secure Programming in Linux/Unix

Answer 2

This site may have links to what you are looking for:

http://www.deitel.com/ResourceCenters/Programming/C/CSecurity/tabid/1549/Default.aspx

---

I guess I'll add that one of the most common problems in C and C++ is buffer overflow:

http://en.wikipedia.org/wiki/Buffer_overflow#Use_of_safe_libraries

For that, use only functions that check boundaries, like strncpy() instead of strcpy().