Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Secure Coding in C and C++ book

Saturday, February 4, 2006

Tags: .NET, Books, Personal, Security

One thing I enjoy about long flights (like mine to San Francisco and back this week) is catching up on some reading. One book I had been eager to dig into for a while is Robert C. Seacord's Secure Coding in C and C++. I have been programming mostly in C++, Java, and .NET 2.0 for the last 6-8 months, and with my security work, I wanted a detailed review of the coding practices to watch out for in daily coding. This book fits the requirement and then some.

Robert Seacord is a Senior Vulnerability Analyst with the CERT Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) (see http://www.cert.org/). His expertise (and that of the co-authors of individual chapters) is displayed brilliantly in the way the book shows you the problems with writing C++ (some subtle and some not so subtle), as well as the recommended mitigations and correct methods for dealing with them. From the back of the book, here is what he covers:

  • Improve the overall security of any C/C++ application
  • Thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems: integer overflows, sign errors, and truncation errors
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid I/O vulnerabilities, including race conditions

In the Strings chapter (incorrect string handling is the number one opportunity for buffer overflows), for example, he strongly suggests removing all instances of gets() and replacing them with either fgets() or gets_s(). I particularly liked that he recommended using the STL std::string class and its functions, my favorites for C++ development. You can read an article on string management by Seacord here as well.
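To make the gets()/fgets() point concrete, here is an added example (my own code, not from the book or from Seacord) of the bounded line reader the chapter argues for. gets() has no way to know the size of the destination buffer, so any line longer than the buffer overflows it; fgets() takes the size, but callers often forget that a line longer than the buffer is silently split across calls. The read_line() function below (a hypothetical name, not an API from the book) wraps fgets(), strips the newline, and reports truncation explicitly so the caller can decide what to do with overlong input. The sample input in the comments is constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Read one line from `in` into `buf` (capacity `size`), without the
 * trailing newline.  Unlike gets(), the buffer size is always honoured.
 *
 * Returns:
 *   0  a complete line (or the final unterminated line) was stored
 *   1  the line was longer than the buffer; `buf` holds the first
 *      size-1 characters and the remainder of the line was discarded
 *  -1  end of file or read error before any character was read
 */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t len = strlen(buf);

    /* Normal case: fgets() stopped at a newline, so the line fit. */
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }

    /* No newline and end of stream: last line of a file without '\n'. */
    if (feof(in))
        return 0;

    /*
     * No newline and not at EOF: the line did not fit.  gets() would have
     * kept writing past the end of buf here.  Drain the rest of the line so
     * the next call starts on a fresh line instead of on the leftover tail.
     */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 1;
}

/* Stand-alone demonstration over a constructed in-memory stream. */
int main(void)
{
    FILE *f = tmpfile();               /* standard C, portable scratch file */
    if (f == NULL)
        return 1;
    fputs("short\nthis line is definitely longer than the buffer\nlast", f);
    rewind(f);

    char buf[16];                      /* deliberately small buffer */
    int rc;
    while ((rc = read_line(f, buf, sizeof buf)) != -1)
        printf("rc=%d line=\"%s\"%s\n", rc, buf,
               rc == 1 ? " (truncated)" : "");
    fclose(f);
    return 0;
}
```

The return code is the important part: a caller that needs the whole line can treat 1 as an error and reject the input, which is what the book's advice amounts to in practice, rather than discovering the problem later as a corrupted stack.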

Seacord provides coverage of C++ usage in Windows and Linux. The table of contents, plus other information, can be found here. A sample chapter on Integer Security can be found here. Also, if you happen to be going to the Software Security Summit 2006 (Feb. 6-8, 2006) this week in San Diego, CA, don't miss Seacord's Safer Strings in C: Using the Managed String Library class.

I highly recommend this book to all C/C++ developers, as well as .NET and Java developers, as a way to understand correct secure coding constructs and what to watch for when reviewing your own code.
