CERT-C

Summary

The SEI CERT C Coding Standard, 2016 Edition provides rules for secure coding in the C programming language. These rules and recommendations are used to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.

Definitions

Definition	Requirements
EXP33-C. Do not read uninitialized memory	168. Initialize variables explicitly
INT32-C. Ensure that operations on signed integers do not result in overflow	345. Establish protections against overflows
STR30-C. Do not attempt to modify string literals	172. Encrypt connection strings
FIO30-C. Exclude user input from format strings	160. Encode system outputs 173. Discard unsafe inputs
FIO32-C. Do not perform operations on devices that are only appropriate for files	095. Define users with privileges 096. Set user's required privileges
CON38-C. Preserve thread safety and liveness when using condition variables	337. Make critical logic flows thread safe
MSC32-C. Properly seed pseudorandom number generators	223. Uniform distribution in random numbers

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.