by Jorge R
The topic of my article this week is the security implementation Visual Studio has in place to counter security threats. The author explains that the most common attack on websites is the buffer overflow, which is done by overwriting the buffer storing the return address with a substring of source code. This changes the control flow, and the attacker is then given full control over the software. In an attempt to stop these attacks, researchers have designed new defensive techniques to stop hackers. These techniques include boundary checking, source backup, memory access control, address randomization, modification detecting, and instruction scrambling. The GS tool in the Visual Studio C/C++ compiler is a useful tool for developers writing secure software. The problem with GS is that it only defeats half the problem with buffer overflows: it cannot prevent a called function from manipulating the caller's frame pointer. With these issues at hand, Microsoft has taken steps to address them and help developers write secure programs. With Visual Studio's new updates, it has the ability to “protect the caller’s frame pointer from callee’s tampering at no additional cost”. It also has the ability to generate higher security strength while alleviating the denial-of-service attack by analyzing the indirect function call through its prologue pattern.
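A simplified model of the protection summarized above, added here as an illustration and not taken from the article or from Visual Studio. The frame layout, the cookie and return-address values, and the names `simulate_call` and `ret_after` are assumptions; it shows boundary checking rejecting oversized input and a GS-style guard value catching an overflow before the function returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one stack frame. The layout is an assumption for
 * illustration; a real frame is laid out by the compiler. */
struct frame {
    char     buf[16];   /* local buffer */
    uint64_t cookie;    /* guard value stored by the prologue */
    uint64_t saved_fp;  /* caller's frame pointer */
    uint64_t ret_addr;  /* return address */
};

#define COOKIE   0xA5C3A5C3A5C3A5C3ULL  /* constructed sample value */
#define RET_ADDR 0x0000000000401000ULL  /* constructed sample value */
enum outcome { RETURNED = 0, OVERFLOW_DETECTED = 1, INPUT_REJECTED = 2 };

/* Simulates one call that copies n bytes of 'A' into buf.
 * checked != 0 adds boundary checking before the copy. */
enum outcome simulate_call(size_t n, int checked, uint64_t *ret_seen) {
    char input[sizeof(struct frame)];
    struct frame f = { {0}, COOKIE, 0x7ffd1000, RET_ADDR };  /* prologue */

    if (n > sizeof input) n = sizeof input;  /* keep the simulation in bounds */
    memset(input, 'A', n);
    if (checked && n > sizeof f.buf) {       /* boundary checking */
        if (ret_seen) *ret_seen = f.ret_addr;
        return INPUT_REJECTED;
    }
    memcpy(&f, input, n);                    /* copy with no length check on buf */
    if (ret_seen) *ret_seen = f.ret_addr;
    return f.cookie == COOKIE ? RETURNED : OVERFLOW_DETECTED;  /* epilogue check */
}

/* Convenience wrapper: the return address as the epilogue would see it. */
uint64_t ret_after(size_t n, int checked) {
    uint64_t r = 0;
    simulate_call(n, checked, &r);
    return r;
}

int main(void) {
    printf("8 bytes,  unchecked: %d\n", simulate_call(8, 0, NULL));
    printf("20 bytes, unchecked: %d\n", simulate_call(20, 0, NULL));
    printf("40 bytes, unchecked: %d\n", simulate_call(40, 0, NULL));
    printf("40 bytes, checked:   %d\n", simulate_call(40, 1, NULL));
    return 0;
}
```

Because the guard value sits between the buffer and the saved return address in this model, any copy that reaches the return address has already changed the guard, so the epilogue comparison fails first.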
While this side of Visual Studio does not deal with Visual Basic or web design, I found it to be an interesting article because it showcases how powerful Visual Studio is. While we are only going into depth on Visual Basic coding, Visual Studio has an array of extra features to help developers write software that is secure and complex. This article pertains to the class because it shows students the other side of Visual Studio, which showcases program development. This can be useful in other classes or in the real world when we are confronted with a security problem.
Dong, Y. (2009, May 20). Enhancing Security Check in Visual Studio C/C++ Compiler. Software Engineering, 2009. WCSE ’09. WRI World Congress on. Retrieved May 25, 2012, from 0-ieeexplore.ieee.org.opac.library.csupomona.edu/xpl/articleDetails.jsp?tp=&arnumber=5319513&contentType=Conference+Publications&searchField%3DSearch_All%26queryText%3DVisual+Studio