Justin T. Ho

August 14, 2006

@ 10:48 AM

Comments [0]

Writing Secure Code

Post Revisions

Posted February 28th 2006
Updated August 14th 2006

Links

10 Security Tips: Defend Your Code with Top Ten Security Tips Every Developer Must Know
Secure Coding Guidelines for the .NET Framework
Designing Application-Managed Authorization
Using the Strsafe.h Functions
XSS, Cookies, and Session ID (added August 14th 2006)

More: http://msdn.microsoft.com/security/securecode/default.aspx

Insecure
void DoSomething(char *cBuffSrc, DWORD cbBuffSrc) {
char cBuffDest[32];
memcpy(cBuffDest,cBuffSrc,cbBuffSrc);
}

Secure
void DoSomething(char *cBuffSrc, DWORD cbBuffSrc) {
    const DWORD cbBuffDest = 32;
    char cBuffDest[cbBuffDest];
#ifdef _DEBUG
    memset(cBuffDest, 0x33, cbBuffSrc);
#endif
    memcpy(cBuffDest, cBuffSrc, min(cbBuffDest, cbBuffSrc));
}

Categories: IT

« DNS and Domain Mail Tools | Home | Powerline Networking Improves - NetGear ... »

Tightness is key

Navigation for Justin T. Ho - Writing Secure Code