Secure Coding in C and C++
by Robert C. Seacord
Secure Programming Cookbook for C and C++
by John Viega; Matt Messier
Software Security: Building Security In
by Gary McGraw
Secure Coding: Principles & Practices
by Mark G. Graff; Kenneth R. van Wyk
Inside Cyber Warfare, 1st Edition
by Jeffrey Carr
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
by Mike Andrews; James A. Whittaker
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
by Mark Dowd; John McDonald; Justin Schuh
Hunting Security Bugs
by Tom Gallagher; Bryan Jeffries; Lawrence Landauer
Beautiful Security, 1st Edition
by Andy Oram; John Viega
This is the Safari online edition of the printed book.
“I’m an enthusiastic supporter of the CERT Secure Coding Initiative. Programmers have lots of sources of advice on correctness, clarity, maintainability, performance, and even safety. Advice on how specific language features affect security has been missing. The CERT® C Secure Coding Standard fills this need.”
—Randy Meyers, Chairman of ANSI C
“For years we have relied upon the CERT/CC to publish advisories documenting an endless stream of security problems. Now CERT has embodied the advice of leading technical experts to give programmers and managers the practical guidance needed to avoid those problems in new applications and to help secure legacy systems. Well done!”
—Dr. Thomas Plum, founder of Plum Hall, Inc.
“Connectivity has sharply increased the need for secure, hacker-safe applications. By combining this CERT standard with other safety guidelines, customers gain all-round protection and approach the goal of zero-defect software.”
—Chris Tapp, Field Applications Engineer, LDRA Ltd.
“I’ve found this standard to be an indispensable collection of expert information on exactly how modern software systems fail in practice. It is the perfect place to start for establishing internal secure coding guidelines. You won’t find this information elsewhere, and, when it comes to software security, what you don’t know is often exactly what hurts you.”
—John McDonald, coauthor of The Art of Software Security Assessment
Software security has major implications for the operations and assets of organizations, as well as for the welfare of individuals. To create secure software, developers must know where the dangers lie. Secure programming in C can be more difficult than even many experienced programmers believe.

This book is an essential desktop reference documenting the first official release of The CERT® C Secure Coding Standard. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. Each guideline provides examples of insecure code as well as secure, alternative implementations. If uniformly applied, these guidelines will eliminate the critical coding errors that lead to buffer overflows, format string vulnerabilities, integer overflow, and other common software vulnerabilities.
Based on 2 Ratings
A great resource - 2009-07-13
This book does a great job in taking on the herculean task of trying to produce proscriptive rules for secure C development. It's very thorough, covering the core language and usage of standard libraries, clearly showing what can go wrong.
Development teams can easily use this book to set secure programming guidelines. The book makes it easy for organizations to prioritize rules for their environment. I think development organizations should go to security analysis vendors and say, "Here are the rules we want, show me which ones you can enforce."
Because this book is about the C language and standard library, it does not cover the use of other library APIs, such as those dealing with cryptography or the OpenSSL library. In these and other cases, this coding standard must be supplemented with API-specific guidance.
The CERT C Secure Coding Standard: A Review - 2008-12-12
The CERT C Secure Coding Standard is a must have for developers. It is aimed at helping programmers follow secure coding practices to eliminate undefined behaviors.
Writing secure code is a difficult task even for experienced programmers. This book enumerates programming errors that can result in software vulnerabilities along with their severity levels, remediation costs and probability of occurrence. The book provides rules and recommendations on C language topics such as using the preprocessor, file I/O, memory management and error handling. Although this book is lacking in design-level advice, if followed consistently, the guidelines in this book would go a long way towards producing secure software systems. What I really like about this book is its simple structure with comprehensive coverage of the dangers of certain coding styles as well as the secure alternative solutions.
Everyone remembers the Blaster worm that caused at least $525 million in damage! It could have been avoided by bounding the while loop in GetMachineName() in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface, in compliance with the book's CERT rule "ARR35-C. Do not allow loops to iterate beyond the end of an array". Examples such as these provide a compelling reason for investing time, money and energy into ensuring that C (and to a lesser extent C++) programs comply with these guidelines.
For example, "ENV03-C. Sanitize the environment when invoking external programs" states:
"Many programs and libraries, including the shared library loader on both UNIX and Windows systems, depend on environment variable settings. Because environment variables are inherited from the parent process when a program is executed, an attacker can easily sabotage variables, causing a program to behave in an unexpected and insecure.
All programs, particularly those running with higher privileges than the caller (such as those with setuid/setgid flags), should treat their environment as untrusted user input. Because the environment is inherited by processes spawned by calls to the fork(), system(), or exec() functions, it is important to verify that the environment does not contain any values that can lead to unexpected behavior.
The best practice for such programs is to:
* drop privileges once they are no longer necessary (see POS02-C. Follow the principle of least privilege)
* avoid calling system() (see ENV04-C. Do not call system() if you do not need a command processor)
* clear the environment and fill it with trusted or default values..."
The rules provide examples of non-compliant code and how they can result in undefined behavior and vulnerabilities, and then suggest alternative solutions to eliminate the problems. For example, the recommendation shows that when a system call is made to execute the /bin/ls program, the C99 system function passes a string to the command processor in the host environment to be executed. The attacker can set the IFS value to '.' to ensure that the intended directory is not found. To handle this, the recommendation suggests two ways: to call clearenv() (in the case of POSIX) or to obtain environment variable names from environ and remove each one using unsetenv(). I found sanitizing the environment to be helpful advice.
One thing that I would like to see more of in this book is real-world vulnerabilities that have already occurred, to support the need for following the given rules and recommendations. Giving developers an incentive to follow the guidelines would lead to more compliant code than just stating the rules.
CERT's website has a wiki, [...] which gives details on the rules and recommendations for the C language along with Java and C++. However, searches for vulnerabilities resulting from the violation of specific guidelines do not yield many results.
All said and done, this is a good place to start coding securely and averting probable vulnerabilities.
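The environment sanitization the review describes for ENV03-C, as an added example in C that is not the book's or CERT's own code: it walks environ and removes every variable not on an allowlist with unsetenv() (the portable alternative to clearenv()), then installs trusted PATH and IFS defaults before any child process is spawned. The allowlist contents and the PATH value are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Assumed allowlist: only TZ survives; everything else is dropped. */
const char *const minimal_allowlist[] = { "TZ", NULL };

/* 1 if the variable name (len bytes) is on the NULL-terminated allowlist. */
static int name_allowed(const char *name, size_t len, const char *const *allow)
{
    for (; *allow != NULL; allow++)
        if (strlen(*allow) == len && memcmp(*allow, name, len) == 0)
            return 1;
    return 0;
}

/* Remove every variable not on the allowlist by walking environ and calling
 * unsetenv() (works where clearenv() is unavailable), then install trusted
 * defaults for PATH and IFS. Returns the number removed, or -1 on failure. */
int sanitize_environment(const char *const *allow)
{
    int removed = 0;
    size_t i = 0;
    while (environ != NULL && environ[i] != NULL) {
        const char *entry = environ[i];
        const char *eq = strchr(entry, '=');
        size_t len = (eq != NULL) ? (size_t)(eq - entry) : strlen(entry);
        if (name_allowed(entry, len, allow)) { i++; continue; }
        char *name = malloc(len + 1);
        if (name == NULL)
            return -1;
        memcpy(name, entry, len);
        name[len] = '\0';
        /* unsetenv() shifts later entries into slot i, so advance i only when
         * the entry survived (e.g. a malformed entry with no '='). */
        if (unsetenv(name) == 0 && environ[i] != entry)
            removed++;
        else
            i++;
        free(name);
    }
    /* Trusted defaults (assumed values): fixed PATH and standard IFS. */
    if (setenv("PATH", "/usr/bin:/bin", 1) != 0 || setenv("IFS", " \t\n", 1) != 0)
        return -1;
    return removed;
}
```

Call sanitize_environment() before fork(), system() or exec() so the child inherits only the allowlisted variables plus the defaults.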
Top Level Categories:
Security
Software Engineering
Sub-Categories:
Security > Software Engineering
Software Engineering > Security and Cryptography
Some information on this page was provided using data from Amazon.com®.