安全C ++编码实践 [英] Secure C++ coding practices

问题描述

我在寻找C ++中安全编码实践的全面记录。
因为我没有找到这样的列表存在于这里已经我们可以将它变成一个社区wiki，供进一步参考。
我正在寻找解决安全问题的解决方案，如基于堆栈和堆的缓冲区溢出和下溢，整数溢出和下溢，格式字符串攻击，空指针解引用，堆/内存检查攻击等。

I am looking for a comprehensive record of secure coding practices in C++. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..

注意：除了编码实践，安全的图书馆防御这类攻击也值得一提。

NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.

LE：在评论中，这个问题已分为两个单独的问题，一个用于C ++和一个用于C.
另请参阅安全C编码实践。

LE: As suggested by MSalters in comments this question has been split into two separate questions one for C++ and one for C. Also see Secure C coding practices.

推荐答案

本书编写安全代码非常善于解释安全问题以及如何避免这些问题。这本书已经出版了一段时间，但大部分涵盖的主题仍然是相关的。

The book Writing Secure Code is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.

这篇关于安全C ++编码实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！