Application and platform security
Application and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
News
26 Nov 2024
Russian hackers exploit Firefox, Windows zero-days in wild
RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Nov 2024
Volexity details Russia's novel 'Nearest Neighbor Attack'
The security company warned that the new attack style highlights the importance of securing Wi-Fi networks, implementing MFA and patching known vulnerabilities. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
30 Mar 2010
Using Windows software restriction policies to stop executable code
Software restriction policies are one way to prevent known malware and file-sharing applications from taking control of your network. Continue Reading
By- Tom Chmielarski, Contributor
-
Quiz
19 Nov 2009
Quiz: How to build secure applications
Use this five-question quiz to test your knowledge of how to secure your enterprise apps. Continue Reading
-
Tip
03 Nov 2009
Security benefits of virtual desktop infrastructures
In a highly regulated industry where security is critical, financial-services firms are turning to virtual desktop infrastructures. In this tip, Eric Ogren explains the security benefits of virtualized desktops and virtual workspace projects, including malware-resistant software configurations and enhanced data loss prevention. Continue Reading
By- Eric Ogren, The Ogren Group
-
Tip
23 Sep 2009
Determine your Microsoft Windows patch level
A handful of patch management tools from Microsoft and third parties can help your organization determine your Windows patch level and identify missing security patches. Continue Reading
By- Tony Bradley, Bradley Strategy Group
-
Answer
22 Sep 2009
How to prevent ActiveX security risks
Application expert Michael Cobb explains why ActiveX security relies entirely on human judgment. Continue Reading
-
Tip
18 Jun 2009
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such attacks. Continue Reading
By- Sherri Davidoff, LMG Security
-
Tip
02 Mar 2009
How many firewalls do you need?
Whether your organization needs multiple sets of firewalls depends on whether they will protect clients, servers or both and what kind of traffic they will monitor. Continue Reading
By- Joel Snyder, Opus One
-
Answer
11 Feb 2009
How does a Web server model differ from an application server model?
A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers. Continue Reading
-
Answer
14 Oct 2008
What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Continue Reading
By- John Strand, Black Hills Information Security
-
Definition
13 Aug 2008
honey monkey
A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers... (Continued) Continue Reading
-
Tip
19 May 2008
Ophcrack: Password cracking made easy
Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords. Continue Reading
By- Scott Sidel
-
Definition
08 Apr 2008
Open Source Hardening Project
The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critical systems in the U.S. run on open source software, the security of these applications is crucial... (Continued) Continue Reading
-
Answer
11 Feb 2008
What software development practices prevent input validation attacks?
Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
17 Jan 2008
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
11 Oct 2007
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike. Continue Reading
-
Answer
31 May 2007
What are the drawbacks to application firewalls?
Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance issues. Continue Reading
-
Answer
24 Apr 2007
What is an Nmap Maimon scan?
Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Answer
17 Jan 2007
Will two different operating systems cause administrative problems?
Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher development costs. Continue Reading
-
Quiz
19 Jan 2006
-
Tip
15 Nov 2004
How to patch vulnerabilities and keep them sealed
Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading
By- George Wrenn, CISSP, ISSEP