Question

The SEI/CERT website is full of best-practices for developing secure code for various popular programming languages. Select a software threat/vulnerability of your choice and idenitfy two secure coding practices to mitigate that threat/vulnerability. You may choose any programming language you wish.

Answer 1

Answer:  

Input-Output rule:  

char *file_name:

FILE *f+ptr;  

f_ptr = fopen(file_name, "w");

if(f_ptr == NULL){

}  

if(fclose(f_ptr)!=0){

}  

if(remove(file_name) !=0){

}  

Expression:  

void set_fl(int num ,int *s_fl){

if(NULL == s_fl){

return;

}  

if(num>0){

*s_fl =1;

}

else if(num <0) {

*s_fl = -1;

}

}  

int is_negative(int num) {

int s;

set_fl(num , &s);

return s<0;

Explanation:  

Computer Emergency Response Team(CERT) has found most vulnerabilities discovered in applications stem from a comparatively small number of common programming errors that developers repeatedly make. The CERT secure coding initiative is functioning to determine secure coding standards for commonly used programming languages and to advance the practice of secure coding.

There are many security coding practices:  

SEI CERT C coding standard:  

The C rules and proposals are a piece ongoing and reflect the present thinking of the secure coding community. As rules and proposals mature, they're published in report or book form as official releases.