
Security Best Practices for C++ 

This topic contains information on recommended security tools and practices. Using these resources and tools doesn't make applications immune from attack, but it makes successful attacks less likely.

Visual C++ Security Features

This section discusses security features that are built into the Visual C++ compiler and linker.

/GS (Buffer Security Check)

This compiler option (which is on by default) instructs the compiler to inject overrun detection code into functions that are at risk of being exploited. When an overrun is detected, execution is halted.

/SAFESEH (Image has Safe Exception Handlers)

This linker option (which is not enabled by default) instructs the linker to include in the output image a table containing the address of each exception handler. At runtime, the operating system uses this table to ensure that only legitimate exception handlers are executed. This helps prevent the execution of exception handlers introduced by an attacker at runtime.

/analyze (Enterprise Code Analysis)

This compiler option (which is not enabled by default) activates code analysis that reports potential security issues such as buffer overruns, uninitialized memory, null pointer dereferences, and memory leaks. See Code Analysis for C/C++ Overview for more information.

Security-Enhanced CRT

For Visual C++ 2005, the C Runtime Library (CRT) has been augmented with secure versions of functions that pose security risks (for example, the unchecked strcpy string copy function). The older, insecure versions of these functions are now deprecated, so using them produces compile-time warnings. Programmers are strongly encouraged to use the secure versions of these CRT functions rather than suppress these warnings. See Security Enhancements in the CRT for more information.
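The pattern that both /GS and the security-enhanced CRT address is an unchecked copy of untrusted input into a fixed-size buffer. The following added example (not code from this page or from the Visual C++ CRT) shows the bounded copy with strcpy_s semantics: on MSVC it calls the real strcpy_s; on other toolchains, where Annex K functions are not available, a portable stand-in with the same contract is used (non-zero return and an emptied destination when the source does not fit). The Record struct, bounded_copy and set_name names are assumptions made for the example.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstring>
#include <string>

// Added example, not from the page or the CRT. bounded_copy mirrors the
// strcpy_s contract: 0 on success, EINVAL for bad pointers, ERANGE when the
// source would not fit, and the destination is emptied on failure so a caller
// that ignores the return value never works with a partially written string.
#ifdef _MSC_VER
static int bounded_copy(char* dest, std::size_t dest_size, const char* src) {
    // The real secure-CRT function (after the invalid-parameter handler runs
    // on misuse, it returns EINVAL or ERANGE).
    return strcpy_s(dest, dest_size, src);
}
#else
static int bounded_copy(char* dest, std::size_t dest_size, const char* src) {
    if (dest == nullptr || dest_size == 0) return EINVAL;
    if (src == nullptr) { dest[0] = '\0'; return EINVAL; }
    std::size_t len = std::strlen(src);
    if (len >= dest_size) {          // no room for the terminator: refuse,
        dest[0] = '\0';              // never write past dest_size bytes
        return ERANGE;
    }
    std::memcpy(dest, src, len + 1); // copy including the terminator
    return 0;
}
#endif

// A fixed-size record of the kind that ends up on the stack or in an array.
struct Record { char name[16]; };

// Stores an untrusted name. Returns false instead of overrunning when the
// input is too long. The deprecated form was:
//   strcpy(r.name, untrusted.c_str());   // no bound; long input overruns,
//                                        // and only /GS halts it at return
bool set_name(Record& r, const std::string& untrusted) {
    return bounded_copy(r.name, sizeof r.name, untrusted.c_str()) == 0;
}
```

The destination size is taken from `sizeof r.name`, not from the source length, which is the point of the secure variants: the bound belongs to the buffer being written, so an overlong input is rejected before any byte is written rather than detected by /GS after the damage is done.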

Checked Iterators

With checked iterators, users of the Standard C++ Library container classes are notified of attempts to access elements outside the bounds of a container. See Checked Iterators for more information.
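To make concrete what a checked iterator detects, here is an added example (not code from this page or from the Visual C++ library) of a minimal bounds-checked iterator over a standard container. It does what the library's checked iterators do at the point of failure: dereferencing or incrementing past the container's end raises an error instead of silently reading adjacent memory. The checked_iterator template and the sum_first and overrun_detected helpers are names assumed for this example.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Added example, not the library's implementation. Holds the container and an
// index rather than a raw pointer so every access can be validated.
template <typename Container>
class checked_iterator {
public:
    checked_iterator(Container& c, std::size_t pos) : c_(&c), pos_(pos) {
        if (pos > c.size()) throw std::out_of_range("iterator constructed past end");
    }
    // Dereferencing end() is the classic silent over-read; reject it.
    typename Container::reference operator*() const {
        if (pos_ >= c_->size()) throw std::out_of_range("dereference of end iterator");
        return (*c_)[pos_];
    }
    // Incrementing beyond end() is rejected as well.
    checked_iterator& operator++() {
        if (pos_ >= c_->size()) throw std::out_of_range("increment past end");
        ++pos_;
        return *this;
    }
    bool operator!=(const checked_iterator& o) const {
        return pos_ != o.pos_ || c_ != o.c_;
    }
private:
    Container* c_;
    std::size_t pos_;
};

template <typename Container>
checked_iterator<Container> checked_begin(Container& c) { return {c, 0}; }
template <typename Container>
checked_iterator<Container> checked_end(Container& c) { return {c, c.size()}; }

// Sums the first `count` elements. A `count` larger than the container, for
// instance one taken from untrusted input, would read past the buffer with a
// raw pointer; with the checked iterator it throws at the first bad access.
int sum_first(std::vector<int>& v, std::size_t count) {
    int total = 0;
    checked_iterator<std::vector<int>> it = checked_begin(v);
    for (std::size_t i = 0; i < count; ++i, ++it) total += *it;
    return total;
}

// Returns true when the out-of-bounds access was caught.
bool overrun_detected(std::vector<int>& v, std::size_t count) {
    try {
        sum_first(v, count);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```

The same loop over `v.data()` would compile and, for an over-large `count`, return a garbage sum built from whatever follows the vector's storage. The checked form turns that silent over-read into a reported failure, which is the behaviour the Visual C++ checked iterators provide for the standard containers without any change to user code.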

Code Analysis for Managed Code

Code Analysis for Managed Code, also known as FxCop, is a tool that checks assemblies for conformance to the Microsoft .NET Framework Design Guidelines. FxCop analyzes the code and metadata within each assembly to check for defects in the following areas:

  • Library design

  • Localization

  • Naming conventions

  • Performance

  • Security

Code Analysis for Managed Code is included in Visual Studio Team System, and can also be downloaded at http://www.gotdotnet.com/team/fxcop/.

Windows Application Verifier

Available as part of the Application Compatibility Toolkit, the Application Verifier (AppVerifier) is a tool that can help developers identify potential application compatibility, stability, and security issues.

The AppVerifier works by monitoring an application's use of the operating system, including the file system, registry, memory, and APIs, while the application is being run. The tool then provides guidance for source-code level fixes of the issues it uncovers.

The verifier lets you:

  • Test for potential application compatibility errors caused by common programming mistakes.

  • Examine an application for memory-related issues.

  • Determine an application's compliance with various requirements of the Designed for Windows XP or Certified for Windows Server™ 2003 Logo Programs.

  • Identify potential security issues in an application.

The Windows Application Verifier is available at http://www.microsoft.com/windows/appcompatibility/appverifier.mspx.

.NET Framework Security Features

This section gives an overview of two related .NET Framework security features.

Code Access Security

Describes the .NET Framework security system and how it interfaces with application code.

Configuring Security Policy

Describes guidelines and tools for adjusting .NET Framework security policies.

Windows User Accounts

Using Windows user accounts that belong to the Administrators group exposes developers, and by extension their customers, to security risks. See Running as a Member of the Users Group for more information.

Increasing Security by Using User Account Control under Windows Vista

User Account Control (UAC) is a feature of Windows Vista in which user accounts have limited privileges. Detailed information about UAC can be found at http://go.microsoft.com/fwlink/?linkid=53781.

Note

If you build a Visual C++ project on Windows Vista with UAC disabled, and you later enable UAC, you will need to clean and rebuild the project for it to work correctly.

See Also

Reference

System.Security

Other Resources

Securing Applications

© 2014 Microsoft