Secure Programming HOWTO - Creating Secure Software

This is the main web site for my free book, the Secure Programming HOWTO (previously titled Secure Programming for Linux and Unix HOWTO and Secure Programming for Linux HOWTO). This book provides a set of design and implementation guidelines for writing secure programs. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95. I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

Getting the current version of the Book

You can get the book as:

Getting older versions

You can get certain older versions:

If you assign this book as a class textbook, you might want to specify a specific version listed above, since the current version is updated without warning.

This document is part of the Linux Documentation Project (LDP), and hence is also distributed in various Linux distributions. However, note that the LDP's version or the version in a CD-ROM distribution may not be as current as the main (master) web site at https://dwheeler.com/secure-programs.

Presentations

Presentations on developing secure software, based on the book, are available. These presentations are from the graduate course I teach at George Mason University (SWE 681/ISA 681) on the design and implementation of secure software. Reading presentations is not the same as taking a class, but you may find them very helpful.

The video "How to Develop Secure Applications: The BadgeApp Example" walks through the "assurance case" of the BadgeApp program. An assurance case is simply a structured argument that explains (in this case) why it's secure enough. I think examples are very helpful when learning - I hope you also find it useful.

Donating!

I gladly take donations. The easy way is to use Paypal to send a donation dwheeler @ dwheeler.com. Thanks so much for your generousity!

Learning from Disaster is a set of essays describing specific serious problems (like Heartbleed) and what lessons we should learn. Much of the material in my book on developing secure software is based on the lessons learned from past mistakes.

Many people have said nice things about my book. Here's a few:

"Android is built using the Linux kernel and being familiar with Linux development security best practices is especially useful if you are going to use native code. Linux security practices are beyond the scope of this document, but one of the most popular resources is 'Secure Programming for Linux and Unix HOWTO', available at https://dwheeler.com/secure-programs - from "Security Tips", Android.com, retrieved 2014-02-16.

"Another outstanding online resource for examples of secure coding is the "Secure Programming for Linux and UNIX HOWTO", by David Wheeler. It's available online... While the entire volume is strong, we liked particularly David's discussion of making safe temporary files in C." - Securecoding.org

"[I] read your secure programming how-to when in college, it's one of the most influential books on me on how to program." - Dimitris Mistriotis

"[This book is] the tome that stays permanently printed on my desk... I've been using Sec.Progr.Howto for years now and I have to say great work... It's unspeakably useful to have the document there as a reference. I don't just like the book, it's one of the top 5 reference documents I use! ... flawfinder and the Secure Programming Howto were integral to patching and correcting an in-house invoicing system for a nation wide Australian company." - Jason Spalding, November 2008

Comments?

If you have comments, proposed improvements, or intend to translate it to another human language, please send email to me. I edit the SGML (DocBook DTD) file; all the other formats are generated from this master version. You can also see the ChangeLog, and users of the SGML format may find the makefile useful. As of February 28, 2002, I've switched to the LDP's document generation process (e.g., using HTMLDOC), which I think generates nicer results than the tools I had been using before. Notice that as of version 2.00, the document is in SGML using the DocBook DTD; previous versions up through version 1.60 were in SGML but they used the Linuxdoc DTD. I've kept old versions of this document to help translators deal with this transition in format.

I realize that some other articles/books have shown up since. These include Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah - net square (10 November 2006).

Translations

I cannot guarantee that the translations accurately reflect the original English work; I'm sorry, but I'm simply not qualified to judge that. If you find an error in translation, please contact the translators directly. If you find an error in the underlying content, or do not get satisfaction when reporting errors to the translator, then contact me.

I hope to mention or link to additional translations as I learn about them. Please contact me before translating, so that duplicate work can be avoided (for example, perhaps multiple translators could divide the work), and let me know when you're done. I am very grateful to these people who have taken the time to translate this fairly lengthy work.

Miscellaneous

This document keeps getting longer than the typical HOWTO; I may eventually split this into a ``short form'' and a ``longer form''. I'm also thinking about how to handle publication for the ``long form'', since I think many people will want a nice bound version of it so they can read it easily.

When I wrote the original work there wasn't anything else out there. In fact, this was the first book on how to develop secure programs written for software developers. Previous books tended to be written for security specialists (not developers), or had high-level priniciples instead of detailed information that a programmer could actually use. Now there are lots of materials (hooray!). Dr. Holger Peine has lecture notes for a college class available on-line. Robert C. Seacord has his CMU lecture online. Google's Browser Security Handbook is also available.

You might want to see other works of mine about security. My program flawfinder is a source code security scanning tool (a "static analyzer") that reports on likely security problems in source code; its home page links to other analysis programs and papers about them. My paper on Software Configuration Management (SCM) Security describes security requirements that can be useful for SCM systems. Securing Microsoft Windows (for Home and Small Business Users) explains how you can get some basic security measures set up on Windows. My paper Countering Trusting Trust through Diverse Double-Compiling describes a technique for countering the "uncounterable" Trusting Trust attack; while I didn't come up with the original idea, I developed it from an idea described in a few sentences to a justification and demonstration that it actually works.

If you are interested high assurance software or free-libre/open source software (FLOSS), take a peek at my paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS), which examines the relationship between them; in particular, it lists FLOSS tools that can be helpful in developing higher-assurance software.

Some other papers of mine might be of interest to you. For example, many look at my paper Why Open Source Software / Free Software? Look at the Numbers! Feel free to see my main web site at https://dwheeler.com.