|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
Security Best Practices for C++
This topic contains information about recommended security tools and practices. Using these resources and tools does not make applications immune from attack, but it makes successful attacks less likely.
For Visual C++ 2005, the C Runtime Library (CRT) has been augmented to include secure versions of functions that pose security risks. (The unchecked strcpy string copy function, for example.) The older, nonsecure versions of these functions are now deprecated, and therefore their use causes compile-time warnings. Programmers are strongly encouraged to use the secure versions of these CRT functions rather than suppress these compilation warnings. See Security Enhancements in the CRT for more information.
With checked iterators, users of the Standard C++ Library container classes are notified of attempts to access elements outside the bounds of a container. See Checked Iterators for more information.
Code Analysis for Managed Code, also known as FxCop, is a tool which checks assemblies for conformance to the Microsoft .NET Framework Design Guidelines. FxCop analyzes the code and metadata within each assembly to check for defects in the following areas:
Code Analysis for Managed Code is included in Visual Studio Team System, and can also be downloaded at http://www.gotdotnet.com/team/fxcop/.
Available as part of the Application Compatibility Toolkit, the Application Verifier (AppVerifier) is a tool that can help developers identify potential application compatibility, stability, and security issues.
The AppVerifier works by monitoring an application's use of the operating system, including the file system, registry, memory, and APIs, while the application is running. The tool provides guidance for source-code level fixes of the issues it uncovers.
The verifier lets you perform the following:
Test for potential application compatibility errors caused by common programming mistakes.
Examine an application for memory-related issues.
Determine an application's compliance with various requirements of the Designed for Windows XP or Certified for Windows Server™ 2003 Logo Programs.
Identify potential security issues in an application.
The Windows Application Verifier is available at http://www.microsoft.com/windows/appcompatibility/appverifier.mspx.
Using Windows user accounts that belong to the Administrators group exposes developers and--by extension--customers to security risks. See Running as a Member of the Users Group for more information.
User Account Control (UAC) is a feature of Windows Vista in which user accounts have limited privileges. For more information, see How User Account Control (UAC) Affects Your Application.