Good Programming in C/C++


Most vulnerabilities in C are related to buffer overflows and string manipulation. In most cases, this would result in a segmentation fault, but specially crafted malicious input values, adapted to the architecture and environment could yield to arbitrary code execution. You will find below a list of the most common errors and suggested fixes/solutions. (Some tips for C++ are available here.)


C++ is not C. That's the first advice we can give. Don't use printf, char* and friends, but instead go the C++ way. If you are forced to do things in the C way, please review the C guidelines.


Flawfinder Free stand-alone script Flawfinder checks for calls to known potentially vulnerable library function calls.
RATS Free stand-alone script RATS targets various languages and has specific detection rules for each.
For C / C++, it will check for calls to vulnerable library functions and some bad practices that can lead to buffer overflows.
Coverity Prevent Commercial/
available at CERN
... Coverity is a security company with extensive static analysis experience.
They have conducted many open source scans and have high reputable clients.