{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 女痞 的问题《Secure C++ coding practices》','https://www.manongdao.com/q-489214.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am looking for a comprehensive record of secure coding practices in C++. Since i haven't found such a list existing here already we might as well make this into a community wiki, for further reference. I am looking for solutions to security issues like stack and heap based buffer overflows and underflows, integer overflows and underflows, format string attacks, null pointer dereferencing, heap/memory inspection attacks, etc..
NB: Besides coding practices, secure libraries that defend against these kind of attacks are worth mentioning too.
LE: As suggested by MSalters in comments this question has been split into two separate questions one for C++ and one for C. Also see Secure C coding practices.
The SEI CERT C++ Coding Standard is especially developed to cover all kind of security issues. CERT stands for Computer Emergency Response Team, which is an expert group that handles computer security incidents.
The Joint Strike Fighter Air Vehicle C++ Coding Standards is a good start, even though it does apply mostly to reliability rather than security.
Let me kick it off
(void *)Herb Sutter "Exceptional C++" and "C++ Coding Standards". Invaluable.
Marshall Cline C++ faq. Will tell you everything about common pitfalls. Free online.
I found this book very useful Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
It has a lot of examples for both Linux (posix) and Windows unlike the previous mentioned Writing Secure Code, Second Edition.
The book Writing Secure Code is very good at explaining security issues and how to avoid them. The book has been out for a while, but most of the topics covered are still relevant.