Secure Coding Practices

These notes are about programming techniques that prevent errors in security software. Buffer overflow issues are addressed in a separate article.

1 Secure Coding Practices: All OS

In this article, we describe a few source code analysis tools, and the background needed to understand their use. A few TOC entries from the above linked notes are posted below.

4. Design and Coding Practices
4.1. Living with Bugs
4.3. Fail-Open or Fail-Closed?
4.4. Trusting Untrustworthy Channels
4.5. Proper defaults
5. Correct By Design and Mathematical Proof
6. Security compartments
7. Writing Safe setuid Programs
8. Source Code Analysis
8.1. Splint
8.2. Coverity
8.3. frama-c
8.4. Rough Auditing Tool (RAT) (for Security)
8.6. Valgrind
9.1. Lab Experiment-1
9.2. Lab Experiment-2

2 Secure Coding Practices: Android

  1. Secure Coding Practices for Java
  2. CERT Recommendations for Java and Android
  3. Android Secure Coding Practices

Copyright © 2016 www.wright.edu/~pmateti • 2019-04-16