1. Home
  2. Programming
  3. Principles of Secure Coding

A.3 Web Sites and Online Resources

Of the hundreds (now, perhaps, thousands) of sites on the Web that address some facet of secure coding, the ones we have listed below are those we recommend you check first.

AusCERT Secure Programming Checklist

ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist

Secure programming information from the Australian Computer Emergency Response Team, AusCERT.

FreeBSD Security Information

http://www.freebsd.org/security/security.html

Security tips specific to the FreeBSD operating system.

Institute for Security and Open Methodologies

http://www.isecom.org/ (formerly www.Ideahamster.org/)

Contains, among other things, a repository of secure programming guidelines and testing methodologies. Included in this set is "The Secure Programming Standards Methodology Manual" by Victor A. Rodriguez.

International Systems Security Engineering Association (ISSEA)

http://www.issea.org/

A not-for-profit professional organization "dedicated to the adoption of systems security engineering as a defined and measurable discipline."

Packetstorm Tutorials List

http://packetstormsecurity.nl/programming-tutorials/

A useful list of tutorials on various programming languages, testing methodologies, and more.

Secure, Efficient, and Easy C Programming

http://irccrew.org/~cras/security/c-guide.html

A useful "howto" document by Timo Sirainen with tips and examples of secure C coding.

Secure Programming for Linux and Unix HOWTO

http://www.dwheeler.com/secure-programs/

David Wheeler's "Howto" page for secure programming information specific to Linux and Unix. Not an FAQ, but a substantial online book with accurate and far-ranging advice. Includes specific secure programming tips for Ada95, C, C++, Java, Perl, and Python.

Systems Security Engineering?Capability Maturity Model

http://www.sse-cmm.org/

Information on the Software Engineering Institute-derived SSE-CMM, which measures the maturity level of system security engineering processes (and provides guidelines to which to aspire).

Secure Unix Programming FAQ

http://www.whitefang.com/sup/secure-faq.html

Another document with secure programming tips that are specific to Unix and Unix-like environments.

Windows Security

http://www.windowsecurity.com/

A repository of information on Microsoft Windows security issues.

Writing Safe Setuid Programs

http://nob.cs.ucdavis.edu/~bishop/

Home page of Professor Matt Bishop at the University of California at Davis. Contains numerous highly useful and informative papers, including his "Writing Safe Setuid Programs" paper.

The World Wide Web Security FAQ

http://www.w3.org/Security/Faq/www-security-faq.html

Security and secure coding tips specific to web environments.

The Open Web Application Security Project

http://www.owasp.org/

Useful web site with tips, tools, and information on developing secure web-based applications.