Buffer Overruns: Other resources

This excerpt from Chapter 1 of The 19 Deadly Sins of Software Security, shares resources on buffer overruns and a list of guidelines for securing code.

The 19 Deadly Sins of Software Security The following excerpt is from Chapter 1 of "The 19 Deadly Sins of Software Security" written by Michael Howard, David LeBlanc and John Viega. Click for the complete book excerpt series or visit McGraw-Hill to purchase the book.

Other resources

Summary

  • Do carefully check your buffer accesses by using safe string and buffer handling functions.
  • Do use compiler-based defenses such as /GS and ProPolice.
  • Do use operating-system-level buffer overrun defenses such as DEP and PaX.
  • Do understand what data the attacker controls, and manage that data safely in your code.
  • Do not think that compiler and OS defenses are sufficient -- they are not; they are simply extra defenses.
  • Do not create new code that uses unsafe functions.
  • Consider updating your C/C++ compiler since the compiler authors add more defenses to the generated code.
  • Consider removing unsafe functions from old code over time.
  • Consider using C++ string and container classes rather than low-level C string functions.

Click for the book excerpt series or visit McGraw-Hill to purchase the book.


This was last published in September 2005

Dig Deeper on Microsoft Office Suite

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close