Secure Coding Techniques (Windows Embedded CE 6.0)

1/6/2010

The book Writing Secure Code by Michael Howard and David LeBlanc, Microsoft Press, 2002, is an excellent source of secure-programming best practices. It discusses how applications become vulnerable to malicious attack and shows examples of the code defects that cause the vulnerabilities.

One important issue discussed in the book, and often overlooked by application developers, is buffer overruns. Avoid the following C/C++ functions. None of them checks the size of the destination buffer (memcpy simply trusts the length it is given), so each can write past the end of the buffer, causing your application to fail or enabling an attacker to inject code into your process space:

  • strcpy
  • strcat
  • memcpy
  • gets
  • sprintf
  • scanf

Be especially careful if you call any of the listed functions to copy data into a stack-based buffer. It is generally much easier to execute malicious code by overrunning a stack buffer than a heap buffer, because the function's saved return address lies a short distance past the buffer on the stack and an overrun can overwrite it with an attacker-chosen value. For information on the Strsafe functions, which are bounded alternatives to the standard C/C++ string functions, see Safe String Functions. Strsafe functions take the size of the destination buffer as a parameter, always null-terminate the result, and report truncation instead of writing past the end; they are recommended for better security in your application.
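The following is an added example, not code from the original page or from Windows Embedded CE. It puts an unbounded strcpy into a stack buffer next to a bounded replacement, and shows the check a memcpy with an attacker-supplied length needs. It is portable C so it builds anywhere; on Windows Embedded CE the bounded string copy would be StringCchCopy from strsafe.h, whose semantics the hypothetical bounded_copy helper below mirrors (copy at most cap-1 characters, always null-terminate, report rather than silently truncate). The function names, the 16-byte buffer size and the sample records are all assumptions made for the example.

```c
/* Added example (not from the page): unbounded copies beside bounded ones. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16     /* size of the stack buffer, including the terminating NUL */
#define PAYLOAD_MAX 32  /* size of the destination for parsed records */

/* VULNERABLE, kept only for contrast and never called with untrusted input:
   strcpy writes until it finds the source's NUL, so a user string of 16 or more
   characters runs past name[] into the saved frame pointer and return address. */
void greet_unsafe(const char *user)
{
    char name[NAME_MAX];
    strcpy(name, user);                 /* no bound on the write */
    printf("Hello, %s\n", name);
}

/* Hypothetical helper with StringCchCopy-style semantics (not the strsafe API):
   never reads more than cap bytes of src, always NUL-terminates dest when cap > 0,
   and returns -1 instead of truncating when src does not fit. */
int bounded_copy(char *dest, size_t cap, const char *src)
{
    size_t n = 0;
    if (dest == NULL || src == NULL || cap == 0)
        return -1;
    while (n < cap && src[n] != '\0')   /* bounded length scan */
        n++;
    if (n == cap) {                     /* no room for the NUL: reject */
        dest[0] = '\0';
        return -1;
    }
    memcpy(dest, src, n + 1);           /* n + 1 <= cap, so the write is in bounds */
    return 0;
}

/* Hardened version of greet_unsafe: oversized input is rejected, not written. */
int greet_safe(const char *user)
{
    char name[NAME_MAX];
    if (bounded_copy(name, sizeof name, user) != 0)
        return -1;                      /* caller decides how to report the rejection */
    printf("Hello, %s\n", name);
    return 0;
}

/* memcpy with a length taken from the data: a constructed record format
   [len:1 byte][payload:len bytes]. The length must be checked against both the
   destination capacity and the number of bytes actually received, or a record
   that lies about its length overruns out[] or reads past the end of buf. */
int parse_record(const uint8_t *buf, size_t buf_len,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t len;
    if (buf == NULL || out == NULL || out_len == NULL || buf_len < 1)
        return -1;
    len = buf[0];
    if (len > out_cap)                  /* would overrun the destination */
        return -1;
    if (len > buf_len - 1)              /* would read past the received bytes */
        return -1;
    memcpy(out, buf + 1, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    uint8_t out[PAYLOAD_MAX];
    size_t n = 0;
    const uint8_t good[]  = { 3, 'a', 'b', 'c' };      /* constructed: honest length */
    const uint8_t lying[] = { 200, 'a', 'b', 'c' };    /* constructed: claims 200, has 3 */

    printf("%d\n", greet_safe("Alice"));                               /* 0 */
    printf("%d\n", greet_safe("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")); /* -1, rejected */
    printf("%d\n", parse_record(good, sizeof good, out, sizeof out, &n));   /* 0, n == 3 */
    printf("%d\n", parse_record(lying, sizeof lying, out, sizeof out, &n)); /* -1 */
    return 0;
}
```

The point of bounded_copy returning an error rather than truncating is that silent truncation can itself be a defect (a truncated path or ACL string may name a different object); the caller should decide whether truncation is acceptable. In parse_record the second check matters as much as the first: a length that fits the destination but exceeds the received data turns the copy into an over-read of whatever follows the packet in memory.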

Platform Builder ships sample applications that you, as the original equipment manufacturer or application developer, can use to build and test your application or operating system quickly. The samples are not hardened for production use. To avoid shipping their weaknesses, replace the samples with your own application code that provides the security level you require before you ship.

See Also

Other Resources

Enhancing the Security of a Device