Add more security in Visual Studio 2012

• Compile flags:
  • /GS: Stack protection from buffer overrun.
  • /SDL: Subset of W3&W4 security warnings as errors.
  • Use warning 4.
  • /WX: Treat Warnings As Errors.
• Linker flags:
  • /DYNAMICBASE: Randomize module base address to ensure that our code is at different location each time it is loaded.
  • /NXCOMPAT: Data Execution Prevention to ensure that data is difficult to execute.
  • /SAFESEH: Secure Exception Handling. Project->Properties->Linker->Advanced->Image has Safe Exception Handlers.
• Using VS Code Analysis to find vulnerability.
• Including Banned.h in projects to find unsafe methods which are listed in Banned.h.
• Using BannedAPIextension to flag banned api use in editor. (only available for VS2010)
• Enable /SEHOP in registry setting:
  • 1. Click Start, click Run, type regedit, and
       then press ENTER.
    2. Locate the following registry subkey:
       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation

       Note If you cannot find the DisableExceptionChainValidation registry entry under the

       HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\

       subkey, follow these steps to create it:

       1. Right-click kernel, point to New, and then click DWORD Value.
       2. Type DisableExceptionChainValidation, and then press ENTER.
    3. Double-click DisableExceptionChainValidation.
    4. Change the value of the DisableExceptionChainValidation registry entry to 0 to enable it, and then click OK. 
       
       
       
       Note A value of 1 disables the registry entry. A value of 0 enables it.