Secure Programming HOWTO - Creating Secure Software

Picture of David A. Wheeler This is the main web site for my free book, the Secure Programming HOWTO (previously titled Secure Programming for Linux and Unix HOWTO and Secure Programming for Linux HOWTO). This book provides a set of design and implementation guidelines for writing secure programs. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. This document includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, and Ada95. I give this book away in the hope that future software developers won't repeat past mistakes, resulting in more secure systems.

Getting the current version of the Book

You can get the book as:

  1. Multipage HTML (good for online viewing)
  2. Single long HTML
  3. PDF (good for printing)

Getting older versions

You can get certain older versions:

If you assign this book as a class textbook, you might want to specify a specific version listed above, since the current version is updated without warning.

This document is part of the Linux Documentation Project (LDP), and hence is also distributed in various Linux distributions. However, note that the LDP's version or the version in a CD-ROM distribution may not be as current as the main (master) web site at


Presentations on developing secure software, based on the book, are available. These presentations are from the graduate course I teach at George Mason University (SWE 681/ISA 681) on the design and implementation of secure software. Reading presentations is not the same as taking a class, but you may find them very helpful.


I gladly take donations. The easy way is to use Paypal to send a donation dwheeler @ Thanks so much for your generousity!

Related materials

Learning from Disaster is a set of essays describing specific serious problems (like Heartbleed) and what lessons we should learn. Much of the material in my book on developing secure software is based on the lessons learned from past mistakes. the entire secure programmer series of articles. You can also jump right to article #1 (developing secure programs), article #2 (validating input), article #3 (keep an eye on input, identifying various input sources), article #4 (countering buffer overflows), article #5 (minimizing privileges), article #6 (preventing race conditions), and article #7 (call components safely).

You can also see Write It Secure: Format Strings and Locale Filtering that I wrote for E-Security Journal.

If you're looking for information on how to secure your Microsoft Windows system, look at my essay on How to Secure Microsoft Windows (for home and small business users). -->


Many people have said nice things about my book. Here's a few:


If you have comments, proposed improvements, or intend to translate it to another human language, please send email to me. I edit the SGML (DocBook DTD) file; all the other formats are generated from this master version. You can also see the ChangeLog, and users of the SGML format may find the makefile useful. As of February 28, 2002, I've switched to the LDP's document generation process (e.g., using HTMLDOC), which I think generates nicer results than the tools I had been using before. Notice that as of version 2.00, the document is in SGML using the DocBook DTD; previous versions up through version 1.60 were in SGML but they used the Linuxdoc DTD. I've kept old versions of this document to help translators deal with this transition in format.

I realize that some other articles/books have shown up since. These include Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah - net square (10 November 2006).


Various translations are available:

I cannot guarantee that the translations accurately reflect the original English work; I'm sorry, but I'm simply not qualified to judge that. If you find an error in translation, please contact the translators directly. If you find an error in the underlying content, or do not get satisfaction when reporting errors to the translator, then contact me.

I hope to mention or link to additional translations as I learn about them. Please contact me before translating, so that duplicate work can be avoided (for example, perhaps multiple translators could divide the work), and let me know when you're done. I am very grateful to these people who have taken the time to translate this fairly lengthy work.


I have a few little scripts and programs here that are related to the book's material, for example, is a short script I use for testing the complex URI validation patterns.

This document keeps getting longer than the typical HOWTO; I may eventually split this into a ``short form'' and a ``longer form''. I'm also thinking about how to handle publication for the ``long form'', since I think many people will want a nice bound version of it so they can read it easily.

When I wrote the original work there wasn't anything else out there. In fact, this was the first book on how to develop secure programs written for software developers. Previous books tended to be written for security specialists (not developers), or had high-level priniciples instead of detailed information that a programmer could actually use. Now there are lots of materials (hooray!). Dr. Holger Peine has lecture notes for a college class available on-line. Robert C. Seacord has his CMU lecture online. Google's Browser Security Handbook is also available.

You might want to see other works of mine about security. My program flawfinder is a source code security scanning tool (a "static analyzer") that reports on likely security problems in source code; its home page links to other analysis programs and papers about them. My paper on Software Configuration Management (SCM) Security describes security requirements that can be useful for SCM systems. Securing Microsoft Windows (for Home and Small Business Users) explains how you can get some basic security measures set up on Windows. My paper Countering Trusting Trust through Diverse Double-Compiling describes a technique for countering the "uncounterable" Trusting Trust attack; while I didn't come up with the original idea, I developed it from an idea described in a few sentences to a justification and demonstration that it actually works.

If you are interested high assurance software or free-libre/open source software (FLOSS), take a peek at my paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS), which examines the relationship between them; in particular, it lists FLOSS tools that can be helpful in developing higher-assurance software.

Some other papers of mine might be of interest to you. For example, many look at my paper Why Open Source Software / Free Software? Look at the Numbers! Feel free to see my main web site at