Get full access to Hands-On Security in DevOps and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Secure compiling

Memory corruption and buffer overflow may result in exploit code injection attacks. For the C/C++ programming language, these can be protected by compiler options. By a properly secured configuration of a C/C++ compiler (GCC, MS Visual Studio), the application will be able to add an additional layer of runtime defenses against exploit code injection attacks. These are also mostly ignored by a development team. The common secure options are summarized in the following table:

Protection techniques

Secure options

OS/Compiler

Address Space Layout Randomization (ASLR)

echo 1 >/proc/sys/kernel/randomize_va_space

Android, Linux OS

Stack-based buffer overrun protection

-fstack-protector

–fstack-protector-all ...

Get Hands-On Security in DevOps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now