Book Excerpt

Buffer Overruns: Other resources

The 19 Deadly Sins of Software Security The following excerpt is from Chapter 1 of "The 19 Deadly Sins of Software Security" written by Michael Howard, David LeBlanc and John Viega. Click for the complete book excerpt series or visit McGraw-Hill to purchase the book.

Other resources

Summary

  • Do carefully check your buffer accesses by using safe string and buffer handling functions.
  • Do use compiler-based defenses such as /GS and ProPolice.
  • Do use operating-system-level buffer overrun defenses such as DEP and PaX.
  • Do understand what data the attacker controls, and manage that data safely in your code.
  • Do not think that compiler and OS defenses are sufficient -- they are not; they are simply extra defenses.
  • Do not create new code that uses unsafe functions.
  • Consider updating your C/C++ compiler since the compiler authors add more defenses to the generated code.
  • Consider removing unsafe functions from old code over time.
  • Consider using C++ string and container classes rather than low-level C string functions.

Click for the book excerpt series or visit McGraw-Hill to purchase the book.



This was first published in September 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: