CERT-C | Compliance | Fluid Attacks Help

CERT-C

Summary

The SEI CERT C Coding Standard, 2016 Edition, provides rules for secure coding in the C programming language. These rules and recommendations are used to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to unexpected program behavior and exploitable vulnerabilities.

Definitions

| Definition | Requirements |
| --- | --- |
| EXP33-C. Do not read uninitialized memory | 168. Initialize variables explicitly |
| INT32-C. Ensure that operations on signed integers do not result in overflow | 345. Establish protections against overflows |
| STR30-C. Do not attempt to modify string literals | 172. Encrypt connection strings |
| FIO30-C. Exclude user input from format strings | 160. Encode system outputs; 173. Discard unsafe inputs |
| FIO32-C. Do not perform operations on devices that are only appropriate for files | 095. Define users with privileges; 096. Set user's required privileges |
| CON38-C. Preserve thread safety and liveness when using condition variables | 337. Make critical logic flows thread safe |
| MSC32-C. Properly seed pseudorandom number generators | 223. Uniform distribution in random numbers |