Secure C coding practices

Question

I am looking for a comprehensive record of secure coding practices in C. Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc.

NB: Besides coding practices, secure libraries that defend against these kinds of attacks are worth mentioning too.

LE: As seen in this question Secure C++ coding practices but for C only.

Recommended answer

The CERT C "de facto" standard is fairly well-known and addresses these issues to some extent:

https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard

There should be several static analyzers on the market that support CERT C.
