{"id":184,"date":"2012-08-30T02:00:00","date_gmt":"2012-08-30T02:00:00","guid":{"rendered":"http:\/\/marcbook.local\/wds\/playground\/cybertrust\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/"},"modified":"2023-05-15T23:06:25","modified_gmt":"2023-05-16T06:06:25","slug":"microsofts-free-security-tools-banned-h","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/","title":{"rendered":"Microsoft\u2019s Free Security Tools \u2013 banned.h"},"content":{"rendered":"

This article in our series focused on Microsoft\u2019s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.\u00a0 It\u2019s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.<\/p>\n

The banned.h header file is a sanitizing resource that is designed to help developers avoid using and help identify and remove banned functions from code that may lead to vulnerabilities. Banned functions are those calls in code that have been deemed dangerous by making it relatively easy to introduce vulnerabilities into code during development.\u00a0 For example, if a developer decided to use the strcpy<\/a> function in his\/her code, using banned.h in the same application will generate error(s) when its recompiled telling the developer that strcpy has been deprecated.\u00a0 When the developer investigates why the error is being generated, they will likely figure out that strcpy has been replaced with a more secure version called strcpy_s<\/a>, that makes it more difficult to make mistakes that lead to simple buffer overflows.<\/p>\n

Any code that is exposed to the internet or is used to process personally identifiable information should be verified to see if banned application programming interfaces (APIs) are present.\u00a0 By removing banned APIs, developers can help minimize an application\u2019s risk exposure and ultimately improve the customer experience.<\/p>\n

Banned.h is designed to provide a list of all banned APIs so that developers can quickly locate them in the code and address each accordingly.\u00a0 To illustrate how banned.h works, I\u2019ve provide a screen shot below of an application loaded into a compiler using banned.h.<\/p>\n

\"\"<\/a><\/p>\n

In this example we have inserted the following code (circled in Red):<\/p>\n

#include \u201cbanned.h\u201d<\/p>\n

Then by recompiling the code we can see which APIs have been banned by the Microsoft Security Development Lifecycle. In the example above, we can see the banned APIs in the Output box highlighted in Red at the bottom of the screen shot.\u00a0 Existing code that has banned APIs identified should either be replaced with a more secure version or re-architected so that the banned function is not used.<\/p>\n

If you are interested in learning more about the Security Development Lifecycle Banned.h header file, I encourage you to check out these resources:<\/p>\n

Tim Rains
\nDirector, Trustworthy Computing<\/p>\n","protected":false},"excerpt":{"rendered":"

This article in our series<\/a> focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file<\/a>. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3663],"topic":[3687],"products":[],"threat-intelligence":[3732],"tags":[],"coauthors":[1954],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","content-type-research","topic-threat-intelligence","threat-intelligence-influence-operations"],"yoast_head":"\nMicrosoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-08-30T02:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:06:25+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png\" \/>\n<meta name=\"author\" content=\"Tim Rains\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Rains\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/timrains\/\",\"@type\":\"Person\",\"@name\":\"Tim Rains\"}],\"headline\":\"Microsoft\u2019s Free Security Tools \u2013 banned.h\",\"datePublished\":\"2012-08-30T02:00:00+00:00\",\"dateModified\":\"2023-05-16T06:06:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\"},\"wordCount\":438,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\",\"name\":\"Microsoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png\",\"datePublished\":\"2012-08-30T02:00:00+00:00\",\"dateModified\":\"2023-05-16T06:06:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage\",\"url\":\"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png\",\"contentUrl\":\"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft\u2019s Free Security Tools \u2013 banned.h\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog","og_description":"This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/","og_site_name":"Microsoft Security Blog","article_published_time":"2012-08-30T02:00:00+00:00","article_modified_time":"2023-05-16T06:06:25+00:00","og_image":[{"url":"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png"}],"author":"Tim Rains","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Rains","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/timrains\/","@type":"Person","@name":"Tim Rains"}],"headline":"Microsoft\u2019s Free Security Tools \u2013 banned.h","datePublished":"2012-08-30T02:00:00+00:00","dateModified":"2023-05-16T06:06:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/"},"wordCount":438,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage"},"thumbnailUrl":"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/","name":"Microsoft\u2019s Free Security Tools \u2013 banned.h | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage"},"thumbnailUrl":"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png","datePublished":"2012-08-30T02:00:00+00:00","dateModified":"2023-05-16T06:06:25+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#primaryimage","url":"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png","contentUrl":"http:\/\/blogs.microsoft.com\/wp-content\/uploads\/2012\/08\/7268.untitled.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2012\/08\/30\/microsofts-free-security-tools-banned-h\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft\u2019s Free Security Tools \u2013 banned.h"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/184"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=184"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/184\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=184"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=184"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=184"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=184"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=184"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}