C/C++ Secure Coding

Language Insecure Function Vulnerability Scenario Remediation/Secure Function

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	`strcpy`	Buffer Overflow	A software application takes user input and stores it in a fixed-size buffer.	`strncpy` with bounds checking and null termination
C	`gets`	Stack Buffer Overflow	A program reads user input into a stack buffer without bounds checking.	`fgets` with bounds checking
C	`malloc` with unchecked bounds	Heap Buffer Overflow	A program allocates memory for user data but does not check the size of the input.	Ensure loop limits are correct and check allocation size
C	`strcpy`	Stack Buffer Overflow leading to Stack Smashing	A web server takes input from a request and copies it into a local stack buffer.	`strncpy` with bounds checking and null termination
C	`system`	Command Injection	An application runs system commands based on user input.	Validate input, use `snprintf` and validate input securely
C	Unchecked arithmetic operations	Integer Overflow	A program performs arithmetic operations without checking for overflow.	Check arithmetic bounds and validate inputs
C	`printf`	Format String Vulnerability	A program prints user input directly using `printf`.	Use format specifiers, e.g., `printf("%s", user_input)`

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

malloc with unchecked bounds

Heap Buffer Overflow

A program allocates memory for user data but does not check the size of the input.

Ensure loop limits are correct and check allocation size

strcpy

Stack Buffer Overflow leading to Stack Smashing

A web server takes input from a request and copies it into a local stack buffer.

strncpy with bounds checking and null termination

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

String Handling Vulnerabilities

Language Insecure Function Vulnerability Scenario Remediation/Secure Function

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	`strcpy`	Buffer Overflow	A software application takes user input and stores it in a fixed-size buffer.	`strncpy` with bounds checking and null termination
C	`strncpy` without null termination	Buffer Overflow	A program uses `strncpy` but does not ensure null termination.	Ensure null termination after `strncpy`

strcpy

Buffer Overflow

A software application takes user input and stores it in a fixed-size buffer.

strncpy with bounds checking and null termination

strncpy without null termination

Buffer Overflow

A program uses strncpy but does not ensure null termination.

Ensure null termination after strncpy

Buffer Overflow

Language Insecure Function Vulnerability Scenario Remediation/Secure Function

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	`gets`	Stack Buffer Overflow	A program reads user input into a stack buffer without bounds checking.	`fgets` with bounds checking
C	Manual memory management	Heap Buffer Overflow	A program does not properly manage dynamic memory allocation and bounds.	Use safe memory allocation functions and check bounds

gets

Stack Buffer Overflow

A program reads user input into a stack buffer without bounds checking.

fgets with bounds checking

Manual memory management

Heap Buffer Overflow

A program does not properly manage dynamic memory allocation and bounds.

Use safe memory allocation functions and check bounds

Integer Security

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	Unchecked arithmetic operations	Integer Overflow	A program performs arithmetic operations without checking for overflow.	Check arithmetic bounds and validate inputs

Language

Insecure Function

Vulnerability

Scenario

Remediation/Secure Function

Unchecked arithmetic operations

Integer Overflow

A program performs arithmetic operations without checking for overflow.

Check arithmetic bounds and validate inputs

Code Injection

Language Insecure Function Vulnerability Scenario Remediation/Secure Function

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	`system`	Command Injection	An application runs system commands based on user input.	Validate input, use `snprintf` and validate input securely

system

Command Injection

An application runs system commands based on user input.

Validate input, use snprintf and validate input securely

Exploiting Formatted Output Functions

Language Insecure Function Vulnerability Scenario Remediation/Secure Function

Language	Insecure Function	Vulnerability	Scenario	Remediation/Secure Function
C	`printf`	Format String Vulnerability	A program prints user input directly using `printf`.	Use format specifiers, e.g., `printf("%s", user_input)`

printf

Format String Vulnerability

A program prints user input directly using printf.

Use format specifiers, e.g., printf("%s", user_input)

PreviousOut of Bounds NextJava/JS Secure Coding

Last updated 1 month ago