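SECURE_CODING Overview (reposted)

The summary below comes from Coverity Prevent analysis. SECURE_CODING is the checker in Prevent that covers coding security; its rules were distilled by more than a million developers worldwide from past security vulnerability incidents.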

 

× [VERY RISKY]. Use of "strcpy" has been known to cause a buffer overflow when used incorrectly.  If the destination string of a strcpy() is not large enough then anything might happen. Use strncpy() instead

 

 

×[VERY RISKY]. Use of "sprintf" has been known to cause a buffer overflow when used incorrectly.  Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.

 

×[VERY RISKY]. Use of "strcat" has been known to cause a buffer overflow when used incorrectly.  The destination of a strcat() call must have enough space to accept the source. Use strncat() instead.

 

×You should never use the gets() function because you cannot control the amount of data that is read.
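The replacements these messages name have pitfalls of their own: strncpy() leaves the destination unterminated when the source fills it, and the count passed to strncat() is the space remaining, not the buffer size. The following C code is an added example, not Coverity's or the original post's; the helper names (bounded_copy, bounded_append, bounded_format, read_line) are hypothetical, and each returns 0 on success or -1 when the input did not fit.

```c
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical helpers, not part of Coverity Prevent.
   On -1 the destination holds a truncated but NUL-terminated string. */

/* strcpy -> strncpy: strncpy writes no terminator when src fills dst. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* strcat -> strncat: the count is the room left in dst, not its size. */
int bounded_append(char *dst, size_t dstsz, const char *src) {
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1;          /* dst is not terminated in bounds */
    size_t room = dstsz - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

/* sprintf -> snprintf: the return value is the length that was needed. */
int bounded_format(char *dst, size_t dstsz, const char *user, int id) {
    int n = snprintf(dst, dstsz, "user=%s id=%d", user, id);
    return (n >= 0 && (size_t)n < dstsz) ? 0 : -1;
}

/* gets -> fgets: at most dstsz - 1 bytes are read; -1 means the line
   was longer than the buffer and the rest is still in the stream. */
int read_line(char *dst, size_t dstsz, FILE *in) {
    if (dstsz == 0 || fgets(dst, (int)dstsz, in) == NULL) return -1;
    size_t len = strcspn(dst, "\n");
    int complete = (dst[len] == '\n') || feof(in);
    dst[len] = '\0';
    return complete ? 0 : -1;
}

int main(void) {
    char buf[8];                          /* constructed sample inputs */
    int rc = bounded_copy(buf, sizeof buf, "0123456789");
    printf("copy   rc=%d buf=\"%s\"\n", rc, buf);
    bounded_copy(buf, sizeof buf, "abc");
    rc = bounded_append(buf, sizeof buf, "defgh");
    printf("append rc=%d buf=\"%s\"\n", rc, buf);
    rc = bounded_format(buf, sizeof buf, "bob", 7);
    printf("format rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Treat a -1 return as an error to handle rather than ignore, because silent truncation can change the meaning of a path, query or command built from the result.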

 

From: http://www.51testing.com/?uid-10851-action-viewspace-itemid-106174

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities. Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

Drawing on the CERT’s reports and conclusions, Robert C. Seacord systematically identifies the program errors most likely to lead to security breaches, shows how they can be exploited, reviews the potential consequences, and presents secure alternatives. Coverage includes technical detail on how to

  • Improve the overall security of any C or C++ application
  • Thwart buffer overflows, stack-smashing, and return-oriented programming attacks that exploit insecure string manipulation logic
  • Avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
  • Eliminate integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and truncation errors
  • Perform secure I/O, avoiding file system vulnerabilities
  • Correctly use formatted output functions without introducing format-string vulnerabilities
  • Avoid race conditions and other exploitable vulnerabilities while developing concurrent code

The second edition features

  • Updates for C11 and C++11
  • Significant revisions to chapters on strings, dynamic memory management, and integer security
  • A new chapter on concurrency
  • Access to the online secure coding course offered through Carnegie Mellon’s Open Learning Initiative (OLI)

Secure Coding in C and C++, Second Edition, presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. If you’re responsible for creating secure C or C++ software–or for keeping it safe–no other book offers you this much detailed, expert assistance.

Table of Contents

  • Chapter 1 Running with Scissors
  • Chapter 2 Strings
  • Chapter 3 Pointer Subterfuge
  • Chapter 4 Dynamic Memory Management
  • Chapter 5 Integer Security
  • Chapter 6 Formatted Output
  • Chapter 7 Concurrency
  • Chapter 8 File I/O
  • Chapter 9 Recommended Practices