Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor
News 07 Nov 2024
Google DORA issues platform engineering caveats

As with generative AI, the same techniques that can boost enterprise developer productivity can also slow and destabilize overall software delivery. Continue Reading
By
- Beth Pariseau, Senior News Writer

Answer 14 Oct 2008
What are the basics of a Web browser exploit?

John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Continue Reading
By
- John Strand, Black Hills Information Security
Definition 13 Aug 2008
honey monkey

A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers... (Continued) Continue Reading
By
- TechTarget Contributor
Tip 19 May 2008
Ophcrack: Password cracking made easy

Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords. Continue Reading
By
- Scott Sidel
Definition 08 Apr 2008
Open Source Hardening Project

The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critcal systems in the U.S. run on open source software, the security of these applications is crucial... (Continued) Continue Reading
By
- TechTarget Contributor
Answer 11 Feb 2008
What software development practices prevent input validation attacks?

Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 17 Jan 2008
Developing a patch management policy for third-party applications

Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 11 Oct 2007
Preparing for uniform resource identifier (URI) exploits

URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike. Continue Reading
By
- Michael Cobb
Answer 31 May 2007
What are the drawbacks to application firewalls?

Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance issues. Continue Reading
By
- Michael Cobb
Answer 24 Apr 2007
What is an Nmap Maimon scan?

Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them. Continue Reading
By
- Mike Chapple, University of Notre Dame
Answer 17 Jan 2007
Will two different operating systems cause administrative problems?

Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher development costs. Continue Reading
By
- Michael Cobb
Quiz 19 Jan 2006

Web application threats and vulnerabilities quiz answers

Continue Reading
Tip 15 Nov 2004
How to patch vulnerabilities and keep them sealed

Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading
By
- George Wrenn, CISSP, ISSEP