Home > Buffer Overruns: Other resources
Book Excerpt:
EMAIL THIS

Buffer Overruns: Other resources

19 Sep 2005 | McGraw-Hill

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The 19 Deadly Sins of Software Security The following excerpt is from Chapter 1 of "The 19 Deadly Sins of Software Security" written by Michael Howard, David LeBlanc and John Viega. Click for the complete book excerpt series or visit McGraw-Hill to purchase the book.

Other resources

Summary

  • Do carefully check your buffer accesses by using safe string and buffer handling functions.
  • Do use compiler-based defenses such as /GS and ProPolice.
  • Do use operating-system-level buffer overrun defenses such as DEP and PaX.
  • Do understand what data the attacker controls, and manage that data safely in your code.
  • Do not think that compiler and OS defenses are sufficient -- they are not; they are simply extra defenses.
  • Do not create new code that uses unsafe functions.
  • Consider updating your C/C++ compiler since the compiler authors add more defenses to the generated code.
  • Consider removing unsafe functions from old code over time.
  • Consider using C++ string and container classes rather than low-level C string functions.


Click for the book excerpt series or visit McGraw-Hill to purchase the book.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Microsoft Office Suite
Should you switch to the Office 2007 file format?
Microsoft Office 2010: At a glance
Microsoft Office 2010 ready for testing
New Enterprise Desktop e-zine
Microsoft wraps Office SP2 with better doc support
Combining folder redirection with roaming profiles
Microsoft releases infrastructure updates for server products
Microsoft Office Project Server 2007: New features and some that have been retired
What's hot in Windows security? New Microsoft Office Security Guide
Free HTML editor makes intranet updates a breeze

Microsoft Internet Explorer (IE)
Admins can wear many hats using Netcat
Patching third-party browsers adds more work in Windows shops
Four Internet Explorer 8 Group Policy security settings
Safe enterprise Web browsing: Five tips in five minutes
Top client security tips of 2006
General security configuration: Step 1
Protection against international domain names, URL handling: Step 3
ActiveX opt-ins, information bar and cross-domain protection: Step 4
Windows Vista and IE7: Step 5
Phishing filter: Step 2

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
system tray  (SearchEnterpriseDesktop.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Windows Admin Solutions - User Management, Application Management, Windows Deployments
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts