- AusCERT Secure Programming Checklist
-
ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
Secure programming information from the Australian Computer Emergency
Response Team, AusCERT.
- FreeBSD Security Information
-
http://www.freebsd.org/security/security.html
Security tips specific to the FreeBSD operating system.
- Institute for Security and Open Methodologies
-
http://www.isecom.org/
(formerly www.Ideahamster.org/)
Contains, among other things, a repository of secure programming
guidelines and testing methodologies. Included in this set is
"The Secure Programming Standards Methodology
Manual" by Victor A. Rodriguez.
- International Systems Security Engineering Association (ISSEA)
-
http://www.issea.org/
A not-for-profit professional organization
"dedicated to the adoption of systems security
engineering as a defined and measurable discipline."
- Packetstorm Tutorials List
-
http://packetstormsecurity.nl/programming-tutorials/
A useful list of tutorials on various programming languages, testing
methodologies, and more.
- Secure, Efficient, and Easy C Programming
-
http://irccrew.org/~cras/security/c-guide.html
A useful "howto" document by Timo
Sirainen with tips and examples of secure C coding.
- Secure Programming for Linux and Unix HOWTO
-
http://www.dwheeler.com/secure-programs/
David Wheeler's
"Howto" page for secure programming
information specific to Linux and Unix. Not an FAQ, but a substantial
online book with accurate and far-ranging advice. Includes specific
secure programming tips for Ada95, C, C++, Java, Perl, and Python.
- Systems Security Engineering—Capability Maturity Model
-
http://www.sse-cmm.org/
Information on the Software Engineering Institute-derived SSE-CMM,
which measures the maturity level of system security engineering
processes (and provides guidelines to which to aspire).
- Secure Unix Programming FAQ
-
http://www.whitefang.com/sup/secure-faq.html
Another document with secure programming tips that are specific to
Unix and Unix-like environments.
- Windows Security
-
http://www.windowsecurity.com/
A repository of information on Microsoft Windows security issues.
- Writing Safe Setuid Programs
-
http://nob.cs.ucdavis.edu/~bishop/
Home page of Professor Matt Bishop at the University of California at
Davis. Contains numerous highly useful and informative papers,
including his "Writing Safe Setuid
Programs" paper.
- The World Wide Web Security FAQ
-
http://www.w3.org/Security/Faq/www-security-faq.html
Security and secure coding tips specific to web environments.
- The Open Web Application Security Project
-
http://www.owasp.org/
Useful web site with tips, tools, and information on developing
secure web-based applications.
