Buffer Overruns: Other resources

This excerpt from Chapter 1 of The 19 Deadly Sins of Software Security, shares resources on buffer overruns and a list of guidelines for securing code.

The 19 Deadly Sins of Software Security The following excerpt is from Chapter 1 of "The 19 Deadly Sins of Software Security" written by Michael Howard, David LeBlanc and John Viega. Click for the complete book excerpt series or visit McGraw-Hill to purchase the book.

Other resources

Summary

  • Do carefully check your buffer accesses by using safe string and buffer handling functions.
  • Do use compiler-based defenses such as /GS and ProPolice.
  • Do use operating-system-level buffer overrun defenses such as DEP and PaX.
  • Do understand what data the attacker controls, and manage that data safely in your code.
  • Do not think that compiler and OS defenses are sufficient -- they are not; they are simply extra defenses.
  • Do not create new code that uses unsafe functions.
  • Consider updating your C/C++ compiler since the compiler authors add more defenses to the generated code.
  • Consider removing unsafe functions from old code over time.
  • Consider using C++ string and container classes rather than low-level C string functions.

Click for the book excerpt series or visit McGraw-Hill to purchase the book.


This was first published in September 2005

Dig deeper on Microsoft Office Suite

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close