
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.


Coding Practices

This content area describes methods, techniques, processes, tools, and runtime libraries that can prevent or limit exploits against vulnerabilities. Each document describes the development and technology context in which the coding practice is applied, as well as the risk of not following the practice and the type of attacks that could result.

Title Updated date
Phkmalloc 2013-07-31
OpenBSD 2013-07-31
MITRE CWE and CERT Secure Coding Standards 2013-07-25
Assume that Human Behavior Will Introduce Vulnerabilities into Your System 2013-06-26
Do Not Perform Arithmetic with Unvalidated Input 2013-06-26
Never Use Unvalidated Input as Part of a Directive to any Internal Component 2013-06-26
Treat the Entire Inherited Process Context as Unvalidated Input 2013-06-26
Do Not Use the "%n" Format String Specifier 2013-06-26
Be Suspicious about Trusting Unauthenticated External Representation of Internal Data Structures 2013-06-26
Handle All Errors Safely 2013-06-26
If Emulation of Another System Is Necessary, Ensure that It Is as Correct and Complete as Possible 2013-06-26
Carefully Study Other Systems Before Incorporating Them into Your System 2013-06-24
Clear Discarded Storage that Contained Secrets and Do Not Read Uninitialized Storage 2013-06-24
Use Well-Known Cryptography Appropriately and Correctly 2013-06-21
Design Configuration Subsystems Correctly and Distribute Safe Default Configurations 2013-06-20
Follow the Rules Regarding Concurrency Management 2013-06-20
Ensure that Input Is Properly Canonicalized 2013-06-20
Guidelines Overview 2013-06-20
Ensure that the Bounds of No Memory Region Are Violated 2013-06-20
Use Authorization Mechanisms Correctly 2013-06-20
Use Authentication Mechanisms, Where Appropriate, Correctly 2013-06-19
Vstr 2013-05-20
strncpy_s() and strncat_s() 2013-05-14
SEI: Coding Practices 2013-05-14
strlcpy() and strlcat() 2013-05-14
strncpy() and strncat() 2013-05-14
OpenBSD's strlcpy() and strlcat() 2013-05-14
strcpy_s() and strcat_s() 2013-05-14
strcpy() and strcat() 2013-05-14
fgets() and gets_s() 2013-05-14
C++ std::string 2013-05-14
Consistent Memory Management Conventions 2013-05-13
Strong Typing 2013-05-10
Safe Integer Operations 2013-05-10
Runtime Analysis Tools 2013-05-10
Detection and Recovery 2013-05-10
Range Checking 2013-05-10
Randomization 2013-05-10
Null Pointers 2013-05-10
Heap Integrity Detection 2013-05-10
Guard Pages 2013-05-10
Compiler Checks 2013-05-10
Arbitrary Precision Arithmetic 2013-05-10
Windows XP SP2 2013-05-10
Strsafe.h 2013-05-10
SafeStr 2013-05-10
memcpy_s() and memmove_s() 2008-10-06