Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Tip 16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC

DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
By
- Colin Domoney
News 12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack

The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By
- Arielle Waldman, News Writer

Opinion 09 Apr 2012
Gary McGraw on software security assurance: Build it in, build it right

If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw. Continue Reading
By
- Gary McGraw, Synopsys
Answer 31 Aug 2011
How to mitigate the risk of a TOCTTOU attack

Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them. Continue Reading
By
- Michael Cobb
Tip 11 Mar 2011
Securing a multi-tenant environment

Learn some of the key elements for secure multi-tenancy. Continue Reading
By
- Robbie Higgins
Definition 11 Feb 2011
BIOS rootkit attack

A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code. A BIOS rootkit is programming that enables remote administration. Continue Reading
By
- TechTarget Contributor
Definition 10 Feb 2011
BIOS rootkit

A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration. Because the rootkit lives in the computer’s BIOS (basic input/output system), it persists not only through attempts to reflash the BIOS but also through hard drive erasure or replacement. Continue Reading
By
- TechTarget Contributor
Tip 03 Feb 2011
The hypervisor security patch management process

Enterprises using virtualization must include hypervisor patching in their patch management process. Robbie Higgins explains why. Continue Reading
By
- Robbie Higgins
Definition 24 Sep 2010
alternate data stream (ADS)

An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title. Continue Reading
By
- TechTarget Contributor
Tip 30 Jul 2010
How to avoid attacks that exploit a Web browser vulnerability

Beyond patching, Tom Chmielarski explains what you'll need to do to avoid application exploits caused by Web browser vulnerabilities. Continue Reading
By
- Tom Chmielarski, Contributor
Answer 05 Jul 2010
Why it's important to turn on DEP and ASLR Windows security features

In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on. Continue Reading
By
- Michael Cobb
Tip 30 Mar 2010
Using Windows software restriction policies to stop executable code

Software restriction policies are one way to prevent known malware and file-sharing applications from taking control of your network. Continue Reading
By
- Tom Chmielarski, Contributor
Quiz 19 Nov 2009

Quiz: How to build secure applications

Use this five-question quiz to test your knowledge of how to secure your enterprise apps. Continue Reading
Tip 03 Nov 2009
Security benefits of virtual desktop infrastructures

In a highly regulated industry where security is critical, financial-services firms are turning to virtual desktop infrastructures. In this tip, Eric Ogren explains the security benefits of virtualized desktops and virtual workspace projects, including malware-resistant software configurations and enhanced data loss prevention. Continue Reading
By
- Eric Ogren, The Ogren Group
Tip 23 Sep 2009
Determine your Microsoft Windows patch level

A handful of patch management tools from Microsoft and third -parties can help your organization determine your Windows patch level and identify missing security patches. Continue Reading
By
- Tony Bradley, Bradley Strategy Group
Answer 22 Sep 2009
How to prevent ActiveX security risks

Application expert Michael Cobb explains why ActiveX security relies entirely on human judgment. Continue Reading
By
- Michael Cobb
Tip 18 Jun 2009
When BIOS updates become malware attacks

Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such attacks. Continue Reading
By
- Sherri Davidoff, LMG Security
Tip 02 Mar 2009
How many firewalls do you need?

Whether your organizations needs multiple sets of firewalls depends on whether they will protect clients, servers or both and what kind of traffic they will monitor. Continue Reading
By
- Joel Snyder, Opus One
Answer 11 Feb 2009
How does a Web server model differ from an application server model?

A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers. Continue Reading
By
- Michael Cobb
Answer 14 Oct 2008
What are the basics of a Web browser exploit?

John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Continue Reading
By
- John Strand, Black Hills Information Security
Definition 13 Aug 2008
honey monkey

A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expressly set up to attract and "trap" people who attempt to penetrate other people's computers... (Continued) Continue Reading
By
- TechTarget Contributor
Tip 19 May 2008
Ophcrack: Password cracking made easy

Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords. Continue Reading
By
- Scott Sidel
Definition 08 Apr 2008
Open Source Hardening Project

The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critcal systems in the U.S. run on open source software, the security of these applications is crucial... (Continued) Continue Reading
By
- TechTarget Contributor
Answer 11 Feb 2008
What software development practices prevent input validation attacks?

Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 17 Jan 2008
Developing a patch management policy for third-party applications

Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 11 Oct 2007
Preparing for uniform resource identifier (URI) exploits

URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web security expert Michael Cobb explains how the identifier exploits may start a fresh round of problems for developers and users alike. Continue Reading
By
- Michael Cobb
Answer 31 May 2007
What are the drawbacks to application firewalls?

Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance issues. Continue Reading
By
- Michael Cobb
Answer 24 Apr 2007
What is an Nmap Maimon scan?

Systems are often designed to hide out on a network. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how Nmap Maimon scans can get a response out of them. Continue Reading
By
- Mike Chapple, University of Notre Dame
Answer 17 Jan 2007
Will two different operating systems cause administrative problems?

Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher development costs. Continue Reading
By
- Michael Cobb
Quiz 19 Jan 2006

Web application threats and vulnerabilities quiz answers

Continue Reading
Tip 15 Nov 2004
How to patch vulnerabilities and keep them sealed

Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading
By
- George Wrenn, CISSP, ISSEP