How can I check security vulnerabilities with VC8?
Buffer overflow checking (/GS flag) is enabled by default under VS 2005. /RTCsu gives you extra runtime error checking.
Visual Studio 2005, Team System edition, can also do static analysis of programs to warn you about vulnerabilities at compile time. The menu item is Build:Project Only:Run Code Analysis (/analyze flag). As an example, it warns on the following:
    #include <string.h>

    void test(char* src)
    {
        char dst[10];
        strcpy(dst, src);   /* unbounded copy into a 10-byte stack buffer; /analyze flags this */
    }
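The hardened counterpart to that snippet, as an added example that is not part of the answer above: the unchecked strcpy is replaced by a bounded copy that rejects input that would not fit, which is what the /analyze warning is asking for. The names copy_bounded and test_safe are assumed, and the portable helper stands in for MSVC's strcpy_s so the code builds with any C compiler.

```c
#include <stddef.h>
#include <string.h>

#define DST_SIZE 10   /* same buffer size as the flagged example */

/* Bounded copy: succeeds only if src and its terminator fit in dst.
   Returns 0 on success, -1 on oversize input (dst is then emptied).
   On MSVC the equivalent library call is strcpy_s(dst, dst_size, src),
   which invokes the invalid-parameter handler instead of returning -1. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);

    if (dst_size == 0 || n >= dst_size) {
        if (dst_size != 0)
            dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n + 1 copies the terminator too */
    return 0;
}

/* Fixed version of test(): the buffer size travels with the copy,
   so a long src can no longer overrun the stack frame. */
int test_safe(const char *src)
{
    char dst[DST_SIZE];
    int rc = copy_bounded(dst, sizeof dst, src);

    (void)dst;   /* dst would be used here in real code */
    return rc;
}
```

Building the original with /GS still lets the overrun happen and only aborts afterwards via the stack cookie; the bounded copy prevents it outright, and /analyze no longer warns.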