 

Secure C coding practices

I am looking for a comprehensive record of secure coding practices in C. Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack- and heap-based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc.

NB: Besides coding practices, secure libraries that defend against these kinds of attacks are worth mentioning too.

LE: As seen in this question Secure C++ coding practices but for C only.

Shinnok asked Jan 24 '11 10:01



1 Answer

The CERT C "de facto" standard is fairly well-known and addresses these issues to some extent:

SEI CERT C Coding Standard

There should be several static analyzers on the market that support CERT C.

Lundin answered Oct 26 '22 22:10