One thing I enjoy about long flights (like mine to San Francisco and back this week) is catching up on some reading. One book I was eager to dig into for a while is Robert C. Seacord's Secure Coding in C and C++. I have been programming mostly in C++, Java, and .NET 2.0 for the last 6-8 months, and with my security work, I wanted a detailed review of the coding practices to watch out for in daily coding. This book fits the requirement and then some.
Robert Seacord is a Senior Vulnerability Analyst with the CERT/Coordination Center at the Software Engineering Institute (SEI) (see http://www.cert.org/). His expertise, and that of the various co-authors of particular chapters, is displayed brilliantly: the book shows you the problems with writing C++ (some subtle and some not so subtle), as well as recommended mitigation solutions and correct methods to deal with the problems. From the back of the book, here is what he covers:
In the Strings chapter (incorrect string handling is the number one opportunity for buffer overflows), for example, he strongly suggests removing all instances of gets() and replacing them with either fgets() or gets_s(). I particularly liked that he recommended using the STL std::string variety of functions, my favorites for C++ development. You can read an article on string management by Seacord here as well.
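As an added example (not from the book or the original post), here is one way to make the gets() to fgets() replacement; the names read_line, make_input and the RL_* codes are hypothetical. It restores the newline stripping that gets() performed, and it reports and discards the tail of an over-long line instead of handing it back as the next line.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { RL_OK = 0, RL_TRUNCATED = 1, RL_EOF = -1 };  /* hypothetical result codes */

/* Bounded stand-in for gets(buf): stores at most size-1 bytes of one line,
 * strips the trailing newline (gets() did this; fgets() keeps it). */
int read_line(char *buf, size_t size, FILE *fp)
{
    if (buf == NULL || fp == NULL || size < 2 || size > INT_MAX)
        return RL_EOF;                  /* fgets() takes an int count */
    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';
        return RL_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return RL_OK;
    }
    /* No newline stored: the line was too long, or the last line lacks one.
     * Drain the remainder so it is not returned as a separate line. */
    int c, dropped = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? RL_TRUNCATED : RL_OK;
}

/* Constructed sample input, served from a temporary file so the demo runs offline. */
FILE *make_input(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs(text, fp); rewind(fp); }
    return fp;
}

int main(void)
{
    char buf[8];
    int rc;
    FILE *fp = make_input("short\nthis line is far too long\nnext\n");
    if (fp == NULL) return 1;
    while ((rc = read_line(buf, sizeof buf, fp)) != RL_EOF)
        printf("%-9s \"%s\"\n", rc == RL_TRUNCATED ? "truncated" : "ok", buf);
    fclose(fp);
    return 0;
}
```

With gets() the second line would have written past the 8-byte buffer; here the caller sees RL_TRUNCATED and can reject the input.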
Seacord provides coverage of C++ usage in Windows and Linux. The table of contents, plus other information, can be found here. A sample chapter on Integer Security can be found here. Also, if you happen to be going to the Software Security Summit 2006 (Feb. 6-8, 2006) this week in San Diego, CA, don't miss Seacord's Safer Strings in C: Using the Managed String Library class.
I highly recommend this for all C/C++ developers, as well as .NET and Java developers, to understand correct secure code constructs and what to watch for in reviewing your own code.