Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
News
20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack
The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM
Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
18 Jun 2009
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such attacks. Continue Reading
By- Sherri Davidoff, LMG Security
-
Tip
02 Mar 2009
How many firewalls do you need?
Whether your organizations needs multiple sets of firewalls depends on whether they will protect clients, servers or both and what kind of traffic they will monitor. Continue Reading
By- Joel Snyder, Opus One
-
Answer
11 Feb 2009
How does a Web server model differ from an application server model?
A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers. Continue Reading
By -
Answer
14 Oct 2008
What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Continue Reading
By- John Strand, Black Hills Information Security
-
Definition
13 Aug 2008
honey monkey
A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers... (Continued) Continue Reading
-
Tip
19 May 2008
Ophcrack: Password cracking made easy
Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords. Continue Reading
By- Scott Sidel
-
Definition
08 Apr 2008
Open Source Hardening Project
The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critcal systems in the U.S. run on open source software, the security of these applications is crucial... (Continued) Continue Reading
-
Answer
11 Feb 2008
What software development practices prevent input validation attacks?
Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
17 Jan 2008
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
Tip
11 Oct 2007
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike. Continue Reading
By -
Answer
31 May 2007
What are the drawbacks to application firewalls?
Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance issues. Continue Reading
By -
Answer
24 Apr 2007
What is an Nmap Maimon scan?
Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Answer
17 Jan 2007
Will two different operating systems cause administrative problems?
Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher development costs. Continue Reading
By - Quiz 19 Jan 2006
-
Tip
15 Nov 2004
How to patch vulnerabilities and keep them sealed
Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading
By- George Wrenn, CISSP, ISSEP