Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

December 01, 2021 01 Dec'21
BlackByte ransomware attacks exploiting ProxyShell flaws

Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange.
November 30, 2021 30 Nov'21
Windows Installer zero-day under active exploitation

McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others.
November 23, 2021 23 Nov'21
Researcher drops instant admin Windows zero-day bug

A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix.
November 15, 2021 15 Nov'21
Microsoft releases out-of-band update for Windows Server

Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability.

Bring yourself up to speed with our introductory content

cookie poisoning

Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such ... Continue Reading
content filtering

On the internet, content filtering -- also known as information filtering -- is the use of a program to screen and exclude from access or availability webpages or email that is deemed objectionable. Continue Reading
cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading

Learn to apply best practices and optimize your operations.

5 principles for AppSec program maturity

Applications remain a top cause of external data breaches. Follow these five principles to achieve application security program maturity. Continue Reading
How to navigate cybersecurity product coverage

Cybersecurity tools are complex. It can be difficult for organizations to know which tools do what, and which tools they need -- or don't. Continue Reading
11 video conferencing security and privacy best practices

Video conferencing tools are a remote worker's lifeline. As such, it is essential to maintain their security. These 11 best practices will help ensure secure, private, video-enabled meetings. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

6 reasons unpatched software persists in the enterprise

Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks. Continue Reading
How to conduct security patch validation and verification

Learn about the verification and validation phases of the security patch deployment cycle, two steps key to ensuring an organization's patch management procedure is proactive. Continue Reading
Key security patch testing best practices

Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps? Continue Reading