Call to Action

Previous page
Table of content
Next page

  • Consider using SAL for any new code, and annotate functions that take writeable buffers as arguments. Consider annotating readable buffers too.

  • Over time you should remove all banned APIs from your C and C++ codebase. Use the list provided at http://msdn.microsoft.com/security as a starting list. Functions like strcpy and strcat should be removed first because they are most prone to error.

  • Over time you should remove all banned cryptography from your codebase. Use the list of banned cryptographic algorithms provided at http://msdn.microsoft.com/security. Also start planning for cryptoagility.

  • Determine as soon as possible a good toolset to use, and draw up a list of warnings you consider heinous. Any error or warning that relates to buffer overruns or integer overflow problems should be top of the list to fix.

  • Compile your code with /GS, and link with /SafeSEH, /DynamicBase and /NXCompat.


Previous page
Table of content
Next page
Writing Secure Code for Windows Vista
Writing Secure Code for Windows Vista (Best Practices (Microsoft))
ISBN: 0735623937
EAN: 2147483647
Year: 2004
Pages: 122
Authors: Michael Howard, David LeBlanc
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Introduction to 80x86 Assembly Language and Computer Architecture
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
Web Systems Design and Online Consumer Behavior
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy