Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Microsoft’s Free Security Tools – banned.h

By Tim Rains

Content types

Topics

This article in our series focused on Microsoft’s free security tools is on the Security Development Lifecycle (SDL) banned.h header file. This is an important tool for developers who are trying to minimize the number of security vulnerabilities that exist in the C or C++ code they write.  It’s also important for IT Professionals to know about this tool as they can ask the ISVs and developers of the applications they deploy and operate in their environments whether they were developed using banned.h.

The banned.h header file is a sanitizing resource that is designed to help developers avoid using and help identify and remove banned functions from code that may lead to vulnerabilities. Banned functions are those calls in code that have been deemed dangerous by making it relatively easy to introduce vulnerabilities into code during development.  For example, if a developer decided to use the strcpy function in his/her code, using banned.h in the same application will generate error(s) when its recompiled telling the developer that strcpy has been deprecated.  When the developer investigates why the error is being generated, they will likely figure out that strcpy has been replaced with a more secure version called strcpy_s, that makes it more difficult to make mistakes that lead to simple buffer overflows.

Any code that is exposed to the internet or is used to process personally identifiable information should be verified to see if banned application programming interfaces (APIs) are present.  By removing banned APIs, developers can help minimize an application’s risk exposure and ultimately improve the customer experience.

Banned.h is designed to provide a list of all banned APIs so that developers can quickly locate them in the code and address each accordingly.  To illustrate how banned.h works, I’ve provide a screen shot below of an application loaded into a compiler using banned.h.

In this example we have inserted the following code (circled in Red):

#include “banned.h”

Then by recompiling the code we can see which APIs have been banned by the Microsoft Security Development Lifecycle. In the example above, we can see the banned APIs in the Output box highlighted in Red at the bottom of the screen shot.  Existing code that has banned APIs identified should either be replaced with a more secure version or re-architected so that the banned function is not used.

If you are interested in learning more about the Security Development Lifecycle Banned.h header file, I encourage you to check out these resources:

Tim Rains
Director, Trustworthy Computing

Avatar of Tim Rains

Tim Rains

See Tim Rains posts

Related posts

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads