U.S. Department of Homeland Security. Build Security In. Setting a higher standard for software assurance.

Coding Practices Articles

This content area describes methods, techniques, processes, tools, and runtime libraries that can prevent or limit exploitation of vulnerabilities. Each document describes the development and technology context in which the coding practice applies, the risk of not following the practice, and the types of attack that can result when it is ignored.

Title (date last updated)

Assume that Human Behavior Will Introduce Vulnerabilities into Your System (2013-06-26)
Do Not Perform Arithmetic with Unvalidated Input (2013-06-26)
Never Use Unvalidated Input as Part of a Directive to any Internal Component (2013-06-26)
Treat the Entire Inherited Process Context as Unvalidated Input (2013-06-26)
Do Not Use the "%n" Format String Specifier (2013-06-26)
Be Suspicious about Trusting Unauthenticated External Representation of Internal Data Structures (2013-06-26)
Handle All Errors Safely (2013-06-26)
If Emulation of Another System Is Necessary, Ensure that It Is as Correct and Complete as Possible (2013-06-26)
Carefully Study Other Systems Before Incorporating Them into Your System (2013-06-24)
Clear Discarded Storage that Contained Secrets and Do Not Read Uninitialized Storage (2013-06-24)
Design Configuration Subsystems Correctly and Distribute Safe Default Configurations (2013-06-20)
Follow the Rules Regarding Concurrency Management (2013-06-20)
Ensure that Input Is Properly Canonicalized (2013-06-20)
Guidelines Overview (2013-06-20)
Ensure that the Bounds of No Memory Region Are Violated (2013-06-20)
Use Authorization Mechanisms Correctly (2013-06-20)
Use Authentication Mechanisms, Where Appropriate, Correctly (2013-06-19)
MITRE CWE and CERT Secure Coding Standards (2013-07-25)
strlcpy() and strlcat() (2013-05-14)
Detection and Recovery (2013-05-10)
SEI: Coding Practices (2013-05-14)
Use Well-Known Cryptography Appropriately and Correctly (2013-06-21)
Arbitrary Precision Arithmetic (2013-05-10)
Compiler Checks (2013-05-10)
Consistent Memory Management Conventions (2013-05-13)
fgets() and gets_s() (2013-05-14)
Guard Pages (2013-05-10)
Heap Integrity Detection (2013-05-10)
memcpy_s() and memmove_s() (2008-10-06)
Null Pointers (2013-05-10)
OpenBSD (2013-07-31)
OpenBSD's strlcpy() and strlcat() (2013-05-14)
Phkmalloc (2013-07-31)
Randomization (2013-05-10)
Range Checking (2013-05-10)
Runtime Analysis Tools (2013-05-10)
Safe Integer Operations (2013-05-10)
SafeStr (2013-05-10)
strcpy() and strcat() (2013-05-14)
strcpy_s() and strcat_s() (2013-05-14)
strncpy() and strncat() (2013-05-14)
strncpy_s() and strncat_s() (2013-05-14)
Strong Typing (2013-05-10)
Strsafe.h (2013-05-10)
Vstr (2013-05-20)
Windows XP SP2 (2013-05-10)
C++ std::string (2013-05-14)