Nagarro TechMAPS Secure Coding

The document outlines secure coding practices for C/C++ developers, emphasizing the importance of security alongside business requirements. It provides a list of recommendations to develop secure systems, including input validation, adhering to the principle of least privilege, and employing effective quality assurance techniques. Additionally, it references the CWE/SANS Top 25 Most Dangerous Software Errors as a guide for identifying critical vulnerabilities.


Secure Coding Practices

Nagarro C++
Secure coding practice

● As a developer, you are not only responsible for meeting the business requirements of a project, but also for taking its security into account.
● C/C++ are historically languages that do not enforce any safety; it all comes down to the developer to make sure their code is secure.

What are secure coding practices?

● Secure coding practices are a set of recommendations to develop safe, reliable and secure systems, for example by eliminating unexpected behaviours that can lead to undefined program behaviour and exploitable vulnerabilities.
● Conformance to these practices is necessary but usually not sufficient.
● It is also necessary, for example, to provide a safe and secure design for your applications.
● Safety-critical systems typically have stricter requirements than those imposed by the coding standards.
● One example would be MISRA C/C++ compliance, which requires that all memory be statically allocated.
Top 12 Secure Coding practices

● Validate input
Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources:
■ Command line arguments
■ Network interfaces
■ Environment variables
■ User controlled files
● Heed compiler warnings
Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code. Use static and dynamic analysis tools to detect and eliminate additional security flaws.
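The two practices above, validating input and building with warnings and sanitizers enabled, as a worked example in C. This is an added example and not code from the Nagarro deck; the function names parse_port and bounded_copy and the build line in the opening comment are assumptions chosen for illustration. Both functions take a string from an untrusted source (a command-line argument here) and either accept it fully checked or reject it outright, rather than truncating or guessing.

```c
// Added example (not from the Nagarro deck): validating untrusted input in C.
// Build at the highest warning level with sanitizers, as the deck recommends
// (assumed build line):
//   cc -std=c11 -Wall -Wextra -Wconversion -Werror -fsanitize=address,undefined validate.c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a TCP port from an untrusted string (argv, environment, config line).
 * Returns 0 and stores the value in *out on success, -1 on any defect:
 * empty string, leading whitespace or sign, non-digit characters, trailing
 * junk, overflow, or a value outside 1..65535. */
int parse_port(const char *s, int *out) {
    if (s == NULL || out == NULL || *s == '\0') return -1;
    /* strtol silently skips leading whitespace and accepts a sign; reject
     * both explicitly so the accepted grammar is exactly "digits". */
    if (*s < '0' || *s > '9') return -1;
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE) return -1;          /* overflow */
    if (end == s || *end != '\0') return -1; /* no digits or trailing junk */
    if (v < 1 || v > 65535) return -1;       /* outside the valid port range */
    *out = (int)v;
    return 0;
}

/* Copy an untrusted string into a fixed buffer of an explicit size.
 * Returns the copied length, or -1 when the source (plus terminator) does
 * not fit: the caller gets a clear rejection instead of a silently truncated
 * value or an overflowed buffer. Pure ISO C, no strnlen dependency. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    size_t n = 0;
    while (n < dstsz && src[n] != '\0') n++;
    if (n == dstsz) return -1;   /* no room for the terminator: reject */
    memcpy(dst, src, n + 1);     /* n + 1 <= dstsz, includes the NUL */
    return (int)n;
}

int main(int argc, char **argv) {
    int port = 0;
    char name[16];
    if (argc < 3) {
        fprintf(stderr, "usage: %s <port> <name>\n", argv[0]);
        return 2;
    }
    if (parse_port(argv[1], &port) != 0) {
        fprintf(stderr, "rejected port: %s\n", argv[1]);
        return 1;
    }
    if (bounded_copy(name, sizeof name, argv[2]) < 0) {
        fprintf(stderr, "rejected name: too long\n");
        return 1;
    }
    printf("port=%d name=%s\n", port, name);
    return 0;
}
```

Note the pattern in both helpers: every failure path returns the same rejection, the accepted grammar is stated in a comment, and the buffer size is passed as a parameter rather than assumed. The same shape applies to values read from environment variables, sockets and user-controlled files.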
● Architect and design for security policies
Create a software architecture and design your software to implement and enforce security policies. For example, if your system requires different privileges at different times, consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.
● Keep it simple
Keep the design as simple and small as possible. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.
● Default deny
Base access decisions on permission rather than exclusion. This means that, by default, access is denied and the protection scheme identifies conditions under which access is permitted.
● Adhere to the principle of least privilege
Every process should execute with the least set of privileges necessary to complete the job. Any elevated permission should only be accessed for the least amount of time required to complete the privileged task. This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges.
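The least-privilege rule as an added C example (not code from the deck): a process that starts as root performs its one privileged operation and then drops to an unprivileged uid/gid in an order that cannot be reversed. The function name drop_privileges and the uid/gid 65534 (the conventional "nobody" account) are assumptions for illustration; run as an ordinary user, the same code simply confirms the current ids and verifies that root cannot be regained.

```c
// Added example (not from the Nagarro deck): permanently dropping privileges
// on a POSIX system. _DEFAULT_SOURCE exposes setgroups() in glibc headers.
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up elevated privileges, becoming uid/gid.
 * Returns 0 on success, -1 on any failure (the caller must then exit,
 * never continue with whatever privileges are left).
 * Order matters: supplementary groups and the gid are dropped while still
 * root, because after setuid() those calls are no longer permitted. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0) {
        /* Clear supplementary groups inherited from root first. */
        if (setgroups(0, NULL) != 0) return -1;
    }
    if (setgid(gid) != 0) return -1;   /* group before user */
    if (setuid(uid) != 0) return -1;   /* sets real, effective and saved uid */

    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    /* Verify every id really changed, not just the effective one. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(void) {
    /* Do the single privileged step first (binding a port below 1024,
     * opening a root-only file, ...), then drop for the rest of the run.
     * Assumed target account: uid/gid 65534 ("nobody"). */
    uid_t target_uid = 65534;
    gid_t target_gid = 65534;
    if (geteuid() != 0) {
        /* Not root: stay as ourselves; the checks still run. */
        target_uid = getuid();
        target_gid = getgid();
    }
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;   /* refuse to run with undefined privileges */
    }
    printf("running as uid=%u gid=%u\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

The two verification steps after the drop are the part most often omitted: a setuid() that succeeds on the effective id but leaves a saved root id behind lets the process return to root later, which is exactly the window the deck says should be kept as short as possible.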
● Sanitize data sent to other systems
Sanitize all data passed to complex subsystems such as command shells, relational databases, and commercial off-the-shelf (COTS) components. Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks. This is not necessarily an input validation problem because the complex subsystem being invoked does not understand the context in which the call is made. Because the calling process understands the context, it is responsible for sanitizing the data before invoking the subsystem.
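The sanitization point above as an added C example, not part of the deck: the shell-based call shown in the comment is the pattern to avoid, because the shell (the "complex subsystem") cannot tell which bytes were meant as data. The hardened form, list_file, allow-lists the argument in the caller, which does know the context, and then executes ls directly with an argv vector so that no shell ever interprets the value. The names is_safe_filename and list_file, the 64-character limit and the allowed character set are assumptions for illustration.

```c
// Added example (not from the Nagarro deck): sanitizing data before it
// reaches a command interpreter, and avoiding the interpreter altogether.
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern to avoid (shown for contrast, never called in this file):
 *
 *   char cmd[256];
 *   snprintf(cmd, sizeof cmd, "ls -l %s", name);
 *   system(cmd);
 *
 * The shell parses metacharacters inside `name`; the subsystem has no way
 * to know the caller meant the whole string as one filename. */

/* Allow-list check performed by the caller, which knows the context:
 * bounded length, only characters with no meaning to a shell, and no
 * leading '-' (would be read as an option) or '.' (hidden files, "..").
 * Returns 1 if the value is acceptable, 0 otherwise. */
int is_safe_filename(const char *name) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    if (name == NULL) return 0;
    size_t len = strlen(name);
    if (len == 0 || len > 64) return 0;          /* assumed limit: 64 */
    if (name[0] == '-' || name[0] == '.') return 0;
    return strspn(name, allowed) == len;
}

/* Hardened form: validate, then run `ls` without any shell. The arguments
 * travel as a vector, so nothing is re-parsed, and "--" ends option
 * processing. Returns the child's exit status, or -1 when the value is
 * rejected or the process cannot be started. */
int list_file(const char *name) {
    if (!is_safe_filename(name)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const child_argv[] = { "ls", "-l", "--", (char *)name, NULL };
        execvp("ls", child_argv);
        _exit(127);   /* only reached if exec itself fails */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <filename>\n", argv[0]);
        return 2;
    }
    int rc = list_file(argv[1]);
    if (rc < 0) fprintf(stderr, "rejected or failed: %s\n", argv[1]);
    return rc < 0 ? 1 : rc;
}
```

The same division of responsibility applies to the other subsystems the slide names: for a relational database the caller binds the value as a parameter of a prepared statement instead of splicing it into SQL text, and for a COTS component the caller checks the value against what that component's interface is documented to accept.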
● Practice defense in depth
Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and/or limit the consequences of a successful exploit. For example, combining secure programming techniques with secure runtime environments should reduce the likelihood that vulnerabilities remaining in the code at deployment time can be exploited in the operational environment.
● Use effective quality assurance techniques
Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions.
● Adopt a secure coding standard
Develop and/or apply a secure coding standard for your target development language and platform.
● Define security requirements
Identify and document security requirements early in the development life cycle and make sure that subsequent development artifacts are evaluated for compliance with those requirements. When security requirements are not defined, the security of the resulting system cannot be effectively evaluated.
● Model threats
Use threat modeling to anticipate the threats to which the software will be subjected. Threat modeling involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies that are implemented in designs, code, and test cases.
CWE/SANS Top 25 Most Dangerous Software Errors (2023 edition)

● It’s a list of the most widespread and critical errors that can lead to serious vulnerabilities in software.
● They are often easy to find and easy to exploit.
● They are dangerous because they frequently allow attackers to completely take over the software, steal data or prevent the software from working at all.
● It can be used as a measuring stick of progress in the effort to secure the code.
● Entries are sorted into 3 high-level categories:
○ Insecure Interaction Between Components
○ Risky Resource Management
○ Porous Defenses
● https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
Questions?
