How To Program in C

If you must program in C, here are a few references I’ve collected from the twitterverse. They should keep you busy for the next few… years. And even then, this only covers the basics. You’ll need to do more research on concurrency, signals, testing and some other topics in security.

How to C in 2016

How to C in 2016 by Matt Stancliff is the article I wish I wrote when I was in my prime C programming days and wish I had when I was starting out.

Update: Matt has also written a guide on const rules, So You Think You Can const.

A Critique

A critique of “How to C in 2016” by Matt adds or corrects a lot of details, most of which, I believe, have been integrated into the original document.

And another critique

Some notes C in 2016 by Robert Graham (@ErrataRob) and David Maynor (@Dave_Maynor) of Errata Security is a higher-level criticism and worth reading.

Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening

From the README

This repo contains the slides for a training course originally developed in 2012. It has been delivered to many students since its creation. It’s sold out at the Black Hat USA conference several years in a row. The content has gone through many iterations based on feedback from those classes. The original training focused mainly on browser vulnerability discovery and exploitation. This latest version still focuses on that but also covers more topics such as custom memory allocators, hardening concepts, and exploitation at a high level.

The full PDF is here:

This covers C++ (even more things to remember) as well.

Note from Rich Felker

Rich Felker is the author of musl, an excellent libc implementation.

Notes from CopperheadOS

CopperheadOS is “A hardened open-source operating system based on Android”. They also drop tweets on how to C.

Final Thoughts

Wow! You read all that? Here’s a final thought: