C++ Security Vulnerabilities and Language Overview
What is C++?
Designed by Danish computer scientist Bjarne Stroustrup at Bell Laboratories, C++ first appeared in 1983 while the latest stable release became available in December 2014.
C++ is a general purpose programming language with imperative, object-oriented and generic programming features while providing facilities for low-level memory manipulation.
C++ is a cross-platform operating system that added oriented features to its predecessor, “C.” C++ is used widely by developers working on graphical applications and in Stack Overflow’s 2016 Developer Survey, C++ was the seventh most popular technology with 20.6% of the 21,982 respondents indicating that they used C++, a 1% decrease from the results in the 2015 survey.
C++ was influenced by C, Simula, ALGOL 68, Ada, CLU and ML and played a role in influencing the development of Ada 95, C99, C++, Chapel, D, Java, Lua, Rust, Python, Perl and PHP.
What was C++ Created?
In the mid-1960s, a group of Norwegian scientists pondered why there wasn’t a programming language that worked for all disciplinary domains, rather than linear algebra and business. Up until that point there was COBOL for business use and Fortran for scientific uses.
As a result, they built Simula which introduced the “class system” which represented concepts in the application world which made the language accessible for a variety of programming goals. This also introduced relationships between classes which then became known as object-oriented programming, or data abstraction.
While designing C++, Bjarne Stroustrup took the classes found in Singula code and then ensured that they ran as fast as C code which created a very useful combination.
Who Uses C++?
Massive applications from a wide variety of verticals have been built with C++. These include all major Adobe Systems applications such as Illustrator, Photoshop and InDesign, Amazon.com’s e-commerce platform, the “finder” feature in OS X, Autodesk, HP’s Java VM core, IBM’s K42, a open source, general-purpose operating system kernel for cache-coherent multiprocessors, Quicken tax software and many more across the computing, aerospace, communication and general technology landscapes.
C++ Security Vulnerabilities
High-Risk C++ Security Vulnerabilities:
Alongside SQL Injections (SQLi), Command Injections and process control issues, which affect many contemporary programming languages, C++ applications also face threats from:
- LDAP Injections
- Command Injections
- XPath Injections
- Second Order SQL Injection
- Connection String Injection
- Resource Injection
Securing your C++ Code
Checkmarx’s CxSAST, a static code analysis solution, stands out amongst C++ testing solutions as not only the solution which will keep your C++ code free from security and compliance issues, but also as the tool which will contribute to your organization’s advancement when it comes to application security maturity.
CxSAST works with the tools your developers are already using as it seamlessly integrates with most of the common development programs available at every stage of the SDLC. CxSAST’s features such as incremental code scanning and the best fix location made it ideal for any continuous integration continuous development (CICD) environment.
When vulnerabilities are detected in the C++ code, CxSAST will not only identify the best fix location, but will also offer resources to the developer to understand how the attack vector work as well as remediation advice which will help them ensure similar mistakes are avoided in the future.
Learn more about the coding languages, and their frameworks, that Checkmarx supports by clicking here.
Want to learn more about C++ vulnerabilities, why they happen, and how to eliminate them? Click for a tutorial and start sharpening your skills!