Secure C coding practices

Published 2020-05-21 05:29

Question:

I am looking for a comprehensive record of secure coding practices in C. Since I haven't found such a list existing here already, we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc.

NB: Besides coding practices, secure libraries that defend against these kinds of attacks are worth mentioning too.

LE: As seen in this question Secure C++ coding practices but for C only.

Answer 1:

The CERT C "de facto" standard is fairly well-known and addresses these issues to some extent:

SEI CERT C Coding Standard

There should be several static analyzers on the market that support CERT C.



Answer 2:

Same answer: Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

From the description:

Readers will learn:

  • How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems

  • How to properly SSL-enable applications

  • How to create secure channels for client-server communication without SSL

  • How to integrate Public Key Infrastructure (PKI) into applications

  • Best practices for using cryptography properly

  • Techniques and strategies for properly validating input to programs

  • How to launch programs securely

  • How to use file access mechanisms properly

  • Techniques for protecting applications from reverse engineering