I am looking for a comprehensive record of secure coding practices in C++. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..

NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.

LE: As suggested by MSalters in comments this question has been split into two separate questions one for C++ and one for C. Also see Secure C coding practices.

The book Writing Secure Code is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.

Herb Sutter "Exceptional C++" and "C++ Coding Standards". Invaluable.

Marshall Cline C++ faq. Will tell you everything about common pitfalls. Free online.

I found this book very useful Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

It has a lot of examples for both Linux (posix) and Windows unlike the previous mentioned Writing Secure Code, Second Edition.

The Joint Strike Fighter Air Vehicle C++ Coding Standards is a good start, even though it does apply mostly to reliability rather than security.

The SEI CERT C++ Coding Standard is especially developed to cover all kind of security issues. CERT stands for Computer Emergency Response Team, which is an expert group that handles computer security incidents.

Let me kick it off

• Avoid dynamically allocated memory using malloc
• (related) use fixed size array when ever possible, or infact in C++ avoid C style arrays when practical
• avoid the use of (void *)