Master C and C++ with our new Testing Handbook chapter

A new chapter has been added to the Testing Handbook, focusing on a comprehensive security checklist for C and C++ code. The chapter covers common bug classes, known footguns, and API gotchas across C and C++ codebases, organized into sections covering Linux, Windows, and seccomp. This chapter provides a strong basis for manual code review, complementing other handbook chapters that focus on static and dynamic analysis. The checklist is being developed into a Claude skill that will turn the checklist into bug-finding prompts that a large language model can run against a codebase. The chapter covers five areas, including general bug classes, Linux usermode and kernel, Windows usermode and kernel, and seccomp/BPF sandboxes. The Linux usermode section focuses on libc gotchas, while the Windows sections cover DLL planting, unquoted path vulnerabilities, and path traversal issues. Two challenges are provided at the end of the post to test C/C++ review skills, with the first 10 correct submissions receiving Trail of Bits swag. The challenges include a simple ping program with two libc gotchas and a Windows Driver Framework driver request handler with several bugs, including an easy-to-exploit denial of service. The goal is to continuously update the handbook, including this chapter, to remain a key resource for security practitioners and developers involved in source code security review.