Secure Programming in C/ C++
1 Buffer Overflow + Smashing The Stack
- Prabhaker Mateti, "Buffer Overflow", http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/BufferOverflow/, 2012. (This article, not the embedded Aleph One article.) Required Reading.
- Secure Programming for Linux and Unix HOWTO – Creating Secure Software, http://www.dwheeler.com/secure-programs/, 2003. Reference
- Ulfar Erlingsson, Yves Younan, and Frank Piessens, "Low-Level Software Security by Example", 2008. Chapter 30, "Low-Level Software Security by Example.pdf", URL TBD. Recommended Reading
2 Code Analysis Tools and Run-time Protection
- [Web search for URLs]
- Splint for C
- RatScan (a graphical front end to RATS)
- Coverity.com
- CodeSonar from Grammatech
- en.wikipedia.org: "List of tools for static code analysis"
- Common Weakness Scoring System. Recommended Reading.
3 References
- [Book] Michael Goodrich (University of California, Irvine) and Roberto Tamassia (Brown University), Introduction to Computer Security, Addison Wesley, 2011. Reference
- Robert C. Seacord, Secure Coding in C and C++, 2nd edition, Addison-Wesley Professional, 2013, 600 pages. Recommended Reading.