[PWN.05] What is Canary 🦜

hejhs

Hyunseung Ha

Posted on December 4, 2022


The canary takes its name from the bird, the canary.
A canary is used to protect the stack buffer.

When we exploit an RAO (Return Address Overwrite), we put a bunch of data into the buffer, all the way up to the return address,
so that we can execute the code we want.

BUT what if there were a kind of barrier that is compromised whenever something is tampered with?
YES, that barrier is called the canary.


```asm
mov rax, QWORD PTR fs:0x28   ; load the canary value from fs:0x28
mov QWORD PTR [rbp-0x8], rax ; store a copy on the stack at rbp-0x8
```

The process reads the canary value from fs:0x28 and stores it at rbp-0x8.

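```asm
mov rcx, QWORD PTR [rbp-0x8] ; reload the copy stored on the stack
xor rcx, QWORD PTR fs:0x28   ; xor with the original: zero if they are equal
je CODE                      ; zero result: canary intact, continue at CODE
```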

If rcx, the value loaded from rbp-0x8, is the same as the value at fs:0x28, the canary hasn't been tampered with!
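The two snippets above, modelled in C as an added example (not code from the original post): a frame is laid out as a struct, the prologue stores the canary, and the epilogue xor check shows at which write length tampering is first detected. `MASTER_CANARY`, `struct frame` and the function names are assumptions made for illustration; the constant is a constructed stand-in for the value at fs:0x28.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the per-thread value kept at fs:0x28. */
static const uint64_t MASTER_CANARY = 0x5ca1ab1e0ddba100ULL;

/* Simplified frame model, members listed from lowest address to highest. */
struct frame {
    unsigned char buf[16];  /* local buffer */
    uint64_t canary;        /* [rbp-0x8] */
    uint64_t saved_rbp;     /* [rbp] */
    uint64_t ret_addr;      /* [rbp+0x8] */
};

/* Prologue: mov rax, fs:0x28 ; mov [rbp-0x8], rax */
static void prologue(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = MASTER_CANARY;
}

/* Epilogue: xor the stack copy with the master; zero means untouched. */
static int canary_intact(const struct frame *f) {
    return (f->canary ^ MASTER_CANARY) == 0;
}

/* Models a copy with no length check: n bytes written upward from buf.
   Clamped to the frame so the model itself never writes out of bounds. */
int call_returns_normally(size_t n) {
    struct frame f;
    unsigned char input[sizeof f];
    memset(input, 'A', sizeof input);
    prologue(&f);
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, input, n);
    return canary_intact(&f);   /* 0: the check failed, the jump to CODE is not taken */
}

/* Smallest write length the check catches. */
size_t first_detected_len(void) {
    for (size_t n = 0; n <= sizeof(struct frame); n++)
        if (!call_returns_normally(n)) return n;
    return 0;
}

int main(void) {
    printf("fits in buf (16): %d\n", call_returns_normally(16));
    printf("first detected length: %zu\n", first_detected_len());
    return 0;
}
```

Because the canary sits between the buffer and the return address, any linear write long enough to reach the return address has already changed the canary.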
