🔥🔥 Don’t Miss Out on Our End of Autumn Sale. If you have any questions, feel free to click the bottom right corner to contact our customer service..

Concat us[email protected]
Shopping Cart

No products in the cart.

🔍
BSI PD ISO/IEC TR 24772-3:2020

BSI PD ISO/IEC TR 24772-3:2020

$198.66

Programming languages. Guidance to avoiding vulnerabilities in programming languages – C

Published By Publication Date Number of Pages
BSI 2020 54
PDF Format Searchable Printable Preview Now
Guaranteed Safe Checkout
Category:

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application.

This document describes the way that the vulnerabilities listed in ISO/IEC TR 24772-1 are manifested or avoided in the C language.

PDF Catalog

PDF Pages PDF Title
2 undefined
9 Foreword
10 Introduction
11 1 Scope
2 Normative references
3 Terms and definitions
12 4 Language concepts
5 Avoiding programming language vulnerabilities in C
13 6 Specific guidance for C vulnerabilities
6.1 General
14 6.2 Type system [IHN]
6.2.1 Applicability to language
15 6.2.2 Guidance to language users
6.3 Bit representations [STR]
6.3.1 Applicability to language
6.3.2 Guidance to language users
16 6.4 Floating-point arithmetic [PLF]
6.4.1 Applicability to language
6.4.2 Guidance to language users
6.5 Enumerator issues [CCB]
6.5.1 Applicability to language
17 6.5.2 Guidance to language users
18 6.6 Conversion errors [FLC]
6.6.1 Applicability to language
19 6.6.2 Guidance to language users
20 6.7 String termination [CJM]
6.7.1 Applicability to language
6.7.2 Guidance to language users
6.8 Buffer boundary violation (buffer overflow) [HCB]
6.8.1 Applicability to language
21 6.8.2 Guidance to language users
6.9 Unchecked array indexing [XYZ]
6.9.1 Applicability to language
22 6.9.2 Guidance to language users
6.10 Unchecked array copying [XYW]
6.10.1 Applicability to language
6.10.2 Guidance to language users
23 6.11 Pointer type conversions [HFC]
6.11.1 Applicability to language
6.11.2 Guidance to language users
6.12 Pointer arithmetic [RVG]
6.12.1 Applicability to language
24 6.12.2 Guidance to language users
6.13 Null pointer dereference [XYH]
6.13.1 Applicability to language
6.13.2 Guidance to language users
25 6.14 Dangling reference to heap [XYK]
6.14.1 Applicability to language
6.14.2 Guidance to language users
26 6.15 Arithmetic wrap-around error [FIF]
6.15.1 Applicability to language
6.15.2 Guidance to language users
27 6.16 Using shift operations for multiplication and division [PIK]
6.16.1 Applicability to language
6.16.2 Guidance to language users
6.17 Choice of clear names [NAI]
6.17.1 Applicability to language
6.17.2 Guidance to language users
28 6.18 Dead store [WXQ]
6.18.1 Applicability to language
6.18.2 Guidance to language users
6.19 Unused variable [YZS]
6.19.1 Applicability to language
6.19.2 Guidance to language users
6.20 Identifier name reuse [YOW]
6.20.1 Applicability to language
29 6.20.2 Guidance to language users
6.21 Namespace issues [BJL]
6.21.1 Applicability to language
6.22 Initialization of variables [LAV]
6.22.1 Applicability to language
6.22.2 Guidance to language users
6.23 Operator precedence and associativity [JCW]
6.23.1 Applicability to language
30 6.23.2 Guidance to language users
6.24 Side-effects and order of evaluation of operands [SAM]
6.24.1 Applicability to language
6.24.2 Guidance to language users
31 6.25 Likely incorrect expression [KOA]
6.25.1 Applicability to language
6.25.2 Guidance to language users
32 6.26 Dead and deactivated code [XYQ]
6.26.1 Applicability to language
6.26.2 Guidance to language users
6.27 Switch statements and static analysis [CLL]
6.27.1 Applicability to language
33 6.27.2 Guidance to language users
6.28 Demarcation of control flow [EOJ]
6.28.1 Applicability to language
6.28.2 Guidance to language users
34 6.29 Loop control variables [TEX]
6.29.1 Applicability to language
6.29.2 Guidance to language users
35 6.30 Off-by-one error [XZH]
6.30.1 Applicability to language
6.30.2 Guidance to language users
6.31 Unstructured programming [EWD]
6.31.1 Applicability to language
6.31.2 Guidance to language users
36 6.32 Passing parameters and return values [CSJ]
6.32.1 Applicability to language
6.32.2 Guidance to language users
37 6.33 Dangling references to stack frames [DCM]
6.33.1 Applicability to language
6.33.2 Guidance to language users
6.34 Subprogram signature mismatch [OTR]
6.34.1 Applicability to language
38 6.34.2 Guidance to language users
6.35 Recursion [GDL]
6.35.1 Applicability to language
6.35.2 Guidance to language users
6.36 Ignored error status and unhandled exceptions [OYB]
6.36.1 Applicability to language
6.36.2 Guidance to language users
39 6.37 Type-breaking reinterpretation of data [AMV]
6.37.1 Applicability to language
6.37.2 Guidance to language users
6.38 Deep vs. shallow copying [YAN]
6.38.1 Applicability to language
6.38.2 Guidance to language users
40 6.39 Memory leaks and heap fragmentation [XYL]
6.39.1 Applicability to language
6.39.2 Guidance to language users
6.40 Templates and generics [SYM]
6.41 Inheritance [RIP]
6.42 Violations of the Liskov substitution principle or the contract model [BLP]
6.43 Redispatching [PPH]
6.44 Polymorphic variables [BKK]
6.45 Extra intrinsics [LRM]
6.46 Argument passing to library functions [TRJ]
6.46.1 Applicability to language
41 6.46.2 Guidance to language users
6.47 Inter-language calling [DJS]
6.47.1 Applicability to language
6.47.2 Guidance to language users
6.48 Dynamically linked code and self-modifying code [NYY]
6.48.1 Applicability to language
42 6.48.2 Guidance to language users
6.49 Library signature [NSQ]
6.49.1 Applicability to language
6.49.2 Guidance to language users
6.50 Unanticipated exceptions from library routines [HJW]
6.51 Pre-processor directives [NMP]
6.51.1 Applicability to language
43 6.51.2 Guidance to language users
6.52 Suppression of language-defined run-time checking [MXB]
6.53 Provision of inherently unsafe operations [SKL]
6.53.1 Applicability to language
6.53.2 Guidance to language users
44 6.54 Obscure language features [BRS]
6.54.1 Applicability of language
6.54.2 Guidance to language users
6.55 Unspecified behaviour [BQF]
6.55.1 Applicability of language
6.55.2 Guidance to language users
6.56 Undefined behaviour [EWF]
6.56.1 Applicability to language
45 6.56.2 Guidance to language users
6.57 Implementation–defined behaviour [FAB]
6.57.1 Applicability to language
6.57.2 Guidance to language users
46 6.58 Deprecated language features [MEM]
6.58.1 Applicability to language
6.58.2 Guidance to language users
6.59 Concurrency — Activation [CGA]
6.59.1 Applicability to language
6.59.2 Guidance to language users
6.60 Concurrency — Directed termination [CGT]
6.61 Concurrent data access [CGX]
6.61.1 Applicability to language
47 6.61.2 Guidance to language users
6.62 Concurrency — Premature termination [CGS]
6.62.1 Applicability to language
6.62.2 Guidance to language users
6.63 Lock protocol errors [CGM]
6.63.1 Applicability to language
6.63.2 Guidance to language users
6.64 Reliance on external format strings
6.64.1 Applicability to language
6.64.2 Guidance to language users
48 Bibliography
49 Index

Related products

BSI PD ISO/IEC TR 24772-3:2020
$198.66