Add more security in Visual Studio 2012

• Compile flags:
  • /GS: stack protection from buffer overrun.
  • /SDL: subset of W3 & W4 security warnings as errors.
  • Use warning 4.
  • /Wx: Treat warnings as errors.
• Linker flags:
  • /Dynamicbase: randomize Module Base Address to ensure that our code is at different location each time it is loaded.
  • /Nxcompat: Data Execution Prevention to ensure that data is difficult to execute.
  • /Safeseh: Secure exception handling.Project-> properties-> linker-> advanced-> image has safe exception handlers.
• Using vs code analysis to find vulnerability.
• Including banned. h in projects to find unsafe methods which are listed in banned. h.
• Using bannedapiextension to flag banned API use in editor. (only available for vs2010)
• Enable/sehop in registry setting:
  • 2. ClickStart, ClickRun, TypeRegedit, And then press Enter.
    3. Locate the following registry subkey: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ kernel \ disableexceptionchainvalidation Note If you cannot find Disableexceptionchainvalidation Registry entry under thehkey_local_machine \ System \ CurrentControlSet \ Control \ Session Manager \ kernel \ subkey, follow these steps to create it:
       1. Right-clickKernel, PointNew, And then clickDWORD Value.
       2. TypeDisableexceptionchainvalidation, And then press Enter.
    5. Double-clickDisableexceptionchainvalidation.
    7. Change the value ofDisableexceptionchainvalidationRegistry entry to 0 to enable it, and then clickOK.
       
       NoteA value of 1 disables the registry entry. A value of 0 enables it.