Excerpt from the dissertation
In recent years, computer security has become increasingly important as more and more business is conducted over the Internet. However, the current security situation is not satisfactory: software today is massive and inevitably introduces software vulnerabilities, e.g., buffer overflow and format string, which can in turn enable many security attacks, such as server break-in, denial-of-service, zombies, and botnets. As a result, how to eliminate or mitigate these vulnerabilities is a great challenge for security researchers and practitioners.
In this dissertation, we explore dynamic software vulnerability prevention technology and propose three novel tools, i.e., LibsafeXP, FASTV, and DSPF, to defend against buffer overflow and format string attacks. As a dynamic shared library and an extension to Libsafe and LibsafePlus, LibsafeXP contains wrapper functions for all the buffer-related functions in the C Standard Library. For buffer overflow defense, these wrapper functions check the source and target buffer sizes using the following information: global buffer knowledge extracted from the program symbol information, heap buffer knowledge obtained by intercepting the memory allocation family of functions, and stack buffer bound information determined dynamically from the frame pointer. Similar to LibsafeXP, FASTV (Format String Taint and Validation) also works as a shared library. By leveraging library interposition and ELF binary analysis, FASTV taints all the untrusted user-supplied data as well as their propagations during program execution, and adds a security validation layer to the printf-family functions in the C Standard Library in order to enforce a flexible policy that detects format string attacks on the basis of whether the format string has been tainted and contains dangerous format specifiers. DSPF (Dynamic Software Patching Framework) is a practical framework to immunize software security vulnerabilities on the fly. DSPF achieves the vulnerability immunization by using a security antibody, which can be implemented independently from the protected software and is used to defend against vulnerability exploitations. Because DSPF employs an in-core patching technique to attach the antibody quietly to the running process, it needs neither to re-compile nor to re-execute the protected software.
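The two library-level checks described above (LibsafeXP's size check against a known heap bound, and FASTV's policy check on a tainted format string) can be sketched in a small self-contained C program. The code below is an added example written for this page, not code from the dissertation or from the LibsafeXP/FASTV tools. It assumes a `tracked_malloc()` stand-in for the tool's interception of the malloc family, a `checked_strcpy()` wrapper that fails closed when it cannot find a bound (the real tool also derives stack and global bounds, which this example does not model), and a `fmt_has_write_spec()` scanner plus an assumed policy `fmt_policy_reject()` that rejects only a tainted format string carrying a `%n` write specifier.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* ---- LibsafeXP-style heap bound knowledge (added example, not the tool) ----
 * The tool learns heap buffer sizes by intercepting the malloc family; here a
 * tracked_malloc() stand-in records each block so that a wrapper can find the
 * bound of any address inside it. */
#define MAX_TRACKED 64
static struct { uintptr_t base; size_t size; } tracked[MAX_TRACKED];
static int n_tracked;

void *tracked_malloc(size_t size) {
    void *p = malloc(size);
    if (p != NULL && n_tracked < MAX_TRACKED) {
        tracked[n_tracked].base = (uintptr_t)p;
        tracked[n_tracked].size = size;
        n_tracked++;
    }
    return p;
}

void tracked_free(void *p) {
    for (int i = 0; i < n_tracked; i++) {
        if (tracked[i].base == (uintptr_t)p) {
            tracked[i] = tracked[--n_tracked];   /* swap-remove the record */
            break;
        }
    }
    free(p);
}

/* Bytes from addr to the end of the tracked block containing it; 0 if unknown. */
size_t bytes_to_block_end(const void *addr) {
    uintptr_t a = (uintptr_t)addr;
    for (int i = 0; i < n_tracked; i++) {
        uintptr_t b = tracked[i].base;
        if (a >= b && a < b + tracked[i].size)
            return (size_t)((b + tracked[i].size) - a);
    }
    return 0;
}

/* Checked replacement for strcpy(): copies only when the destination's known
 * bound can hold the whole string. Returns 0 on success, -1 when refused.
 * Assumption of this example: an unknown bound is refused (fail closed). */
int checked_strcpy(char *dst, const char *src) {
    size_t need = strlen(src) + 1;            /* include the terminator */
    size_t avail = bytes_to_block_end(dst);
    if (avail == 0 || need > avail)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* ---- FASTV-style format string validation (added example, not the tool) ----
 * Walks fmt the way printf parses it and reports whether any conversion is the
 * write specifier %n (also %hn, %lln, and positional forms such as %2$n). */
int fmt_has_write_spec(const char *fmt) {
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') { p++; continue; }                 /* "%%" is a literal */
        const char *q = p;                                /* optional "<n>$" */
        while (*q >= '0' && *q <= '9') q++;
        if (q > p && *q == '$') p = q + 1;
        while (*p && strchr("-+ #0'", *p)) p++;           /* flags */
        while ((*p >= '0' && *p <= '9') || *p == '*') p++; /* width, or "*" */
        if (*p == '$') p++;                               /* "*m$" width */
        if (*p == '.') {                                  /* precision */
            p++;
            while ((*p >= '0' && *p <= '9') || *p == '*') p++;
            if (*p == '$') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;           /* length modifier */
        if (*p == '\0') break;                            /* truncated specifier */
        if (*p == 'n') return 1;
        p++;
    }
    return 0;
}

/* Assumed policy for this example: reject (return 1) only a format string that
 * is tainted, i.e. derived from user input per the tool's taint tracking, and
 * carries a write specifier. Untainted program literals pass. */
int fmt_policy_reject(const char *fmt, int tainted) {
    return tainted && fmt_has_write_spec(fmt);
}
```

The bound lookup accepts any address inside a tracked block, not just its start, so a copy into the middle of a buffer is checked against the bytes that remain; this mirrors why the wrapper needs block knowledge rather than a per-pointer size. The format scanner has to consume flags, width, precision and length modifiers before looking at the conversion character, otherwise `%08x.%hn` or `%2$n` would slip past a naive search for the two-byte string `%n`.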
Compared with other approaches, these three tools offer several advantages. First, LibsafeXP, FASTV and DSPF all work at the binary level; they require neither knowledge of the application nor any modification to the program source code, and can therefore also be used with legacy applications, including proprietary and commodity programs for which no source code is available. Second, these three tools are all highly effective against real-world attacks. We collected many notable buffer overflow and format string attacks to test our tools, and LibsafeXP and FASTV can both successfully prevent all of them. DSPF aims to address non-stoppable software protection and is also highly effective in our experiment, which extends Libsafe as the test security antibody. Third, to enable protection, users only need to set an environment variable and restart the program to use LibsafeXP and FASTV. Moreover, both can simply be set to protect either a specific program or all processes on the machine. Even simpler, users only need to inject the antibody into the vulnerable software when using DSPF. Finally, as shown in our experiment, all of them (including DSPF) impose little performance overhead (no more than 10 percent) on the protected software.