Cybersecurity attacks are one of the leading causes of intellectual property (IP) and productivity loss.
Autodesk has been making the investment in fortifying and securing AutoCAD-based products since the 2013 product releases through the introduction of these and other features:
- Safe mode - Restricts the loading of custom applications
- Trusted application locations and domains - Restricts the locations in which AutoCAD-based products can load custom applications
- Support for and validation of digitally signed applications - Identifies the company who authored\published the custom application and whether the file was altered after it was published
- Scan for vulnerable modules during development - Checks are made to verify the latest version of development libraries are being used prior to the product release
In order to truly secure AutoCAD-based applications, all entry points must be protected and those include custom and third-party applications. There are a number of tasks you should perform to help secure the applications you write and distribute, and those tasks are:
- Use security related compiler flags
- /GS – Enables the Stack Buffer Overrun Detection feature for your application to help minimize attempts by shell code to exploit a buffer overrun.
- /NXCOMPAT – Enables the Windows Data Execution Prevention feature which makes it difficult for data to be executed.
- /DYNAMICBASE – Enables the use of Address Space Layout Randomization (ASLR) which generates an executable image which can be randomly rebased at load time.
- /SAFESEH – Enables exception handler protection in 32-bit executables. Only exception handlers whose address is listed in the PE header are dispatched.
- /SDL – Enables Security Development Lifecycle (SDL) checks which include additional secure code-generation features and extra security related warnings.
- Add #define _SDL_BANNED_RECOMMENDED
- Include banned.h
- Support Structured Exception Handler Overwrite Protection (SEHOP) – A per-executable (EXE) registry entry that helps to protect against exception chain corruption without rebuilding your EXE files
- Digitally sign all executable (DLL/EXE/JS/…) files
- Validate any input before it is used
- Use the HTTPS protocol for accessing information over the network
- When utilizing a third-party and open source library, make sure the latest version is being used by your application and that the library is being maintained
- Check for any memory leaks utilizing the tools built into Microsoft Visual Studio or a third-party utility, such as Micro Focus DevPartner for Visual C++ / BoundsChecker Suite and TeamBLUE PurifyPlus
- Test your applications to make sure they work properly with the default values of the following settings:
- LEGACYCODESEARCH = 0 - Controls whether searching for executable files includes the folder from which the program is started.
- SECURELOAD = 1 - Controls whether AutoCAD loads executable files based on whether they are in a trusted folder.