Coding Practices

This content area describes methods, techniques, processes, tools, and runtime libraries that can prevent or limit exploits against vulnerabilities. Each document describes the development and technology context in which the coding practice is applied, as well as the risk of not following the practice and the type of attacks that could result.

Title	Updated	Authors
Phkmalloc	2013-07-31	Robert C. Seacord
OpenBSD	2013-07-31	Daniel Plakosh
MITRE CWE and CERT Secure Coding Standards	2013-07-25	Robert C. Seacord, Robert Martin
Assume that Human Behavior Will Introduce Vulnerabilities into Your System	2013-06-26	William L. Fithen
Do Not Perform Arithmetic with Unvalidated Input	2013-06-26	William L. Fithen
Never Use Unvalidated Input as Part of a Directive to any Internal Component	2013-06-26	William L. Fithen
Treat the Entire Inherited Process Context as Unvalidated Input	2013-06-26	William L. Fithen
Do Not Use the "%n" Format String Specifier	2013-06-26	William L. Fithen
Be Suspicious about Trusting Unauthenticated External Representation of Internal Data Structures	2013-06-26	William L. Fithen
Handle All Errors Safely	2013-06-26	William L. Fithen
If Emulation of Another System Is Necessary, Ensure that It Is as Correct and Complete as Possible	2013-06-26	William L. Fithen
Carefully Study Other Systems Before Incorporating Them into Your System	2013-06-24	William L. Fithen
Clear Discarded Storage that Contained Secrets and Do Not Read Uninitialized Storage	2013-06-24	William L. Fithen
Use Well-Known Cryptography Appropriately and Correctly	2013-06-21	William L. Fithen
Design Configuration Subsystems Correctly and Distribute Safe Default Configurations	2013-06-20	William L. Fithen
Follow the Rules Regarding Concurrency Management	2013-06-20	William L. Fithen
Ensure that Input Is Properly Canonicalized	2013-06-20	William L. Fithen
Guidelines Overview	2013-06-20	William L. Fithen
Ensure that the Bounds of No Memory Region Are Violated	2013-06-20	William L. Fithen
Use Authorization Mechanisms Correctly	2013-06-20	William L. Fithen
Use Authentication Mechanisms, Where Appropriate, Correctly	2013-06-19	William L. Fithen
Vstr	2013-05-20	Daniel Plakosh
strncpy_s() and strncat_s()	2013-05-14	Daniel Plakosh
SEI: Coding Practices	2013-05-14	Daniel Plakosh, Robert C. Seacord
strlcpy() and strlcat()	2013-05-14	Daniel Plakosh
strncpy() and strncat()	2013-05-14	Daniel Plakosh
OpenBSD's strlcpy() and strlcat()	2013-05-14	Daniel Plakosh
strcpy_s() and strcat_s()	2013-05-14	Daniel Plakosh
strcpy() and strcat()	2013-05-14	Daniel Plakosh
fgets() and gets_s()	2013-05-14	Robert C. Seacord
C++ std::string	2013-05-14	Daniel Plakosh
Consistent Memory Management Conventions	2013-05-13	Daniel Plakosh
Strong Typing	2013-05-10	Robert C. Seacord
Safe Integer Operations	2013-05-10	Daniel Plakosh
Runtime Analysis Tools	2013-05-10	Daniel Plakosh
Detection and Recovery	2013-05-10	Daniel Plakosh
Range Checking	2013-05-10	Daniel Plakosh, Robert C. Seacord
Randomization	2013-05-10	Robert C. Seacord
Null Pointers	2013-05-10	Daniel Plakosh
Heap Integrity Detection	2013-05-10	Daniel Plakosh
Guard Pages	2013-05-10	Daniel Plakosh
Compiler Checks	2013-05-10	Robert C. Seacord
Arbitrary Precision Arithmetic	2013-05-10	Robert C. Seacord
Windows XP SP2	2013-05-10	Robert C. Seacord
Strsafe.h	2013-05-10	Daniel Plakosh
SafeStr	2013-05-10	Daniel Plakosh
memcpy_s() and memmove_s()	2008-10-06	Daniel Plakosh

Subscribe to Coding Practices