Good Programming in C/C++
Most vulnerabilities in C are related to buffer overflows and string manipulation. In most cases an overflow only results in a segmentation fault, but specially crafted malicious input, adapted to the target architecture and environment, can lead to arbitrary code execution. You will find below a list of the most common errors and suggested fixes/solutions. (Some tips for C++ are available here.)
C++ is not C. That is the first piece of advice we can give. Do not use printf, char* and friends; go the C++ way instead (std::string, standard containers, iostreams). If you are forced to do things in the C way, please review the C guidelines.
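As an added example (not code from the original page or from CERN's own guidelines), the classic fixed-buffer overflow described above is shown beside the two ways of fixing it: a bounded C-style copy that always NUL-terminates and reports truncation, and the C++ way using std::string, which owns its storage and cannot be overrun. The 16-byte buffer, the function names and the 15-character name limit are assumptions chosen for illustration.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Deliberately vulnerable (the "before"): a fixed stack buffer filled by an
// unbounded copy. Any name of 16 bytes or more overruns `buf`.
// Never called here; shown only for contrast with the fixes below.
static void greet_unsafe(const char *name) {
    char buf[16];
    strcpy(buf, name);                 // no length check at all
    printf("Hello, %s\n", buf);
}

// Hardened C: copy at most dst_size-1 bytes, always terminate, and tell the
// caller whether the input was truncated (callers usually need to reject it).
static bool copy_name_c(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return false;
    size_t n = strlen(src);
    if (n >= dst_size) {               // would not fit with the terminator
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);           // includes the terminating NUL
    return true;
}

// Hardened C with snprintf: it never writes past out_size and always
// terminates, but its return value is the length that *would* have been
// written, so the truncation check is on the return value, not the buffer.
static bool format_greeting_c(char *out, size_t out_size, const char *name) {
    int needed = snprintf(out, out_size, "Hello, %s", name);
    return needed >= 0 && static_cast<size_t>(needed) < out_size;
}

// The C++ way: std::string grows as needed, so there is no buffer to overrun.
// An explicit policy limit (assumed: 15 characters) replaces the silent
// memory corruption of the C version with a deliberate, visible truncation.
static const std::size_t kMaxName = 15;

static std::string greet_cpp(const std::string &name) {
    std::string safe = name.substr(0, kMaxName);
    return "Hello, " + safe + "\n";
}

int main() {
    // Constructed inputs: one that fits, one long enough to overflow char[16].
    const char *short_name = "Alice";
    std::string long_name(40, 'A');

    char buf[16];
    bool fit = copy_name_c(buf, sizeof buf, long_name.c_str());
    printf("bounded copy: fit=%d value=\"%s\"\n", fit, buf);

    char out[16];
    fit = format_greeting_c(out, sizeof out, "Bartholomew");
    printf("snprintf: fit=%d value=\"%s\"\n", fit, out);

    printf("%s", greet_cpp(short_name).c_str());
    printf("%s", greet_cpp(long_name).c_str());
    return 0;
}
```

Note that strncpy is deliberately not used for the C fix: it does not terminate the destination when the source is too long, and it pads short sources with NULs, so it is a frequent source of both overflows and performance surprises.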
| Tool | License | Type | Description |
| Flawfinder | Free | stand-alone script | Flawfinder checks for calls to known potentially vulnerable library functions. |
| RATS | Free | stand-alone script | RATS targets various languages and has specific detection rules for each. For C/C++ it checks for calls to vulnerable library functions and for some bad practices that can lead to buffer overflows. |
| Coverity Prevent | Commercial (available at CERN) | ... | Coverity is a security company with extensive static-analysis experience. They have conducted many open-source scans and have highly reputable clients. |