Zerosecurity

Application hardening tips

by Paul Anderson
May 31, 2014
in Public, Security, Tutorials

When an exploit has been discovered in an operating system or program, the vendor pushes a patch or upgrade that eliminates the vulnerability. “Hardening” is the act of proactively protecting your server and minimizing damage if or when a zero-day attack impacts your server.


What you will need to focus on are the points listed below:

  • Assume all installed applications are flawed—don’t rely on the security programmed into them.
  • Physically remove from the system all applications not being used.
  • Use firewalls, content filters and OS user authentication features to restrict access to the application, and provide access only to those who absolutely must have it.
  • Update all applications to the latest patches when security bulletins are released.
  • Internally developed applications need to be code-reviewed for security weaknesses. Consider an external security review for critical applications.
  • Externally facing Web applications are high-risk applications because they are a bridge between the outside world and internal customer databases. Be sure to add code that can block or otherwise safely deal with all of the following hostile inputs: missing page parameters, parameters that are unusually long, parameters with nulls or hexadecimal encoding, parameters with Web browser script blocks (which are used to create server-side scripting attacks), and parameters with quotes and semicolons (likely attempts to send hostile SQL commands through to the database).
  • If possible, write applications in languages that run in virtual machines–such as Java, Visual Basic .Net or C#–because they provide an extra layer of security protection. Avoid C and C++ because they make it easy to write applications that allow buffer overflow attacks.
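
One way to apply the input checks from the Web-application point above, as an added example that is not from the original article; the schema, field names and `customers` table are assumptions made for illustration. It rejects missing, over-long, null or percent-encoded and out-of-allow-list values, then still uses bound SQL parameters and output encoding, because a legitimate value such as a surname can contain a quote.

```python
import html
import re
import sqlite3

# Hypothetical schema for a customer lookup page:
# field -> (maximum length, allow-list pattern). Not from the article.
SCHEMA = {
    "customer_id": (10, re.compile(r"[0-9]+")),
    "name": (64, re.compile(r"[A-Za-z][A-Za-z '.-]*")),
}
# The framework is assumed to have URL-decoded each value once already,
# so a remaining %XX sequence means hex or double encoding.
ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

def validate(params):
    """Return (clean, errors). Hostile input is rejected, never repaired."""
    clean, errors = {}, {}
    for field, (max_len, pattern) in SCHEMA.items():
        raw = params.get(field)
        if raw is None or raw == "":
            errors[field] = "missing"
        elif len(raw) > max_len:
            errors[field] = "too long"
        elif "\x00" in raw or ENCODED.search(raw):
            errors[field] = "null or encoded bytes"
        elif not pattern.fullmatch(raw):   # blocks <script>, ';' and similar
            errors[field] = "illegal characters"
        else:
            clean[field] = raw
    return clean, errors

def lookup(db, params):
    """Validate, query with bound parameters, HTML-encode the output."""
    clean, errors = validate(params)
    if errors:
        return None, errors
    row = db.execute(
        "SELECT name FROM customers WHERE id = ? AND name = ?",
        (int(clean["customer_id"]), clean["name"]),
    ).fetchone()
    return (html.escape(row[0]) if row else None), {}

def demo_db():
    """Constructed in-memory sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO customers VALUES (7, ?)", ("O'Brien",))
    return db
```
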