Updated Banned API Documentation Available

Hi, Michael Howard here.

One very low-cost and low-friction SDL task that has high impact is removing (and not adding) banned functionality. The most common examples of banned functionality include various C runtime functions, such as strcpy(), strcat(), strncpy(), sprint(), gets() and their evil brethren; and weak crypto algorithms, such as DES, MD4 and SHA-1.

Over the years, I have shepherded the banned API requirement through the SDL, making updates along the way. One of the biggest changes in recent years (other than adding memcpy() to the list) is a separation of ‘required banned’ functions and ‘recommended banned’ functions. The reason for this change is some functions are a ‘clear and present danger’ and should never be used in any code. Ever. E.V.E.R! This is the SDL ‘required banned’ list.

Other C runtime functions pose less of a risk; but in high-risk code, or code with a very high attack surface, they should be considered for removal, and certainly not added to new code in the first place. This is the SDL ‘recommended banned’ list.

We have created an update to the original banned API and recommended replacements list. That updated text is here and the header file is here.

Feel free to leave a note if you have a question of comment

- Michael

About the Author
Michael Howard

Principal Security Program Manager

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Read more »

Join the conversation

2 comments
  1. Anonymous

    The header file link is to

    Version:  2.0

    Date Published:  12/15/2010

    Is this the new version, or should we be waiting for a 2.1/3.0 to appear on Microsoft Downloads?

  2. michael_HOWARD

    Josh – the header is current, the doc was old, but we figured we'd point out the header anyway :)

    - michael

Comments are closed.