7 Ways To Hack Oracle + Java Web Apps And How To Fix Them

Java: love it or hate it, it isn’t going anywhere. Despite being hailed as “the biggest vulnerability for US computers” by CSO magazine, it’s currently back in pole position as the most popular developer language on the market. Of course, this has mostly to do with the rise of Android, as traditional Java web apps have been steadily losing market share to newer languages and stacks over the years. However, Java is still popular with developers and cyber attackers alike: it’s well understood, extensively documented, and unfortunately highly exploitable.

10 Steps For Improving IIS 7 Security

Microsoft Internet Information Server (IIS) 7 is still widely used in the enterprise, despite a less-than-stellar track record for security. In fact, for many, “IIS security” is a contradiction in terms, though in all fairness, Microsoft's web server solution has improved significantly over the years.

By following these 10 steps for improving IIS 7 security, you can achieve and maintain an even stronger level of security for your web apps.

10 Ways to Bolster Apache Web Server Security

According to Netcraft’s 2015 web server statistics, 47.7% of all websites are using Apache, making it the most popular web server in the world. Ubiquity has its price, however: the open source project is under the constant scrutiny of malicious actors and security professionals alike.

Top 20 OWASP Vulnerabilities And How To Fix Them

The Open Web Application Security Project (OWASP) is a well-established organization dedicated to improving web application security through the creation of tools, documentation, and information, the latter of which includes a yearly top 10 of web application vulnerabilities. The following is a compilation of the most recent critical vulnerabilities to surface on its lists, as well as information on how to remediate each of them.

Top 10 Critical CVEs That Can Lead To A Data Breach And How To Fix Them

A typical organization’s environment consists of a myriad of applications and services, each with its own unique set of ongoing vulnerabilities and flaws that could ultimately lead to a data breach. This can make IT security and operations’ job difficult, as different departments and groups within a company may utilize specific software offerings to accomplish their job functions. Fortunately, a consolidated database of vendor-specific software vulnerabilities exists—the Common Vulnerabilities and Exposures (CVE) repository: a public information security resource developed and maintained by Mitre Corporation.

Top 10 Java Technology / Tooling Vulnerabilities And How To Fix Them

Java consistently gets a bad rap when it comes to security, but considering half of enterprise applications in the last 15 years were written with the language, its pervasiveness (and commonly-known attack vectors) may be more to blame than Java’s inherent security weaknesses alone. That said, new approaches are being developed (e.g., Rask, Waratek) to improve Java web application security at the Java Virtual Machine (JVM) level, but for most organizations, instituting traditional security defenses for Java applications can help protect against the majority of Java-related exploits.

Docker vs. VMWare: How Do They Stack Up?

This is a clash of virtualization titans: one virtual machine, the other a containerization technology. In reality, both are complementary technologies—as hardware virtualization and containerization each have their distinct qualities and can be used in tandem for combinatorial benefits. Let’s take a look at each to find out how they stack up against each other, as well as how the two can be used in tandem for achieving maximum agility.

11 Weird And Wonderful Uses For Docker

Docker may not be the solution to ending world hunger, but the recent myriad of strange and remarkable use cases for it might have you thinking otherwise. From managing Raspberry Pi clusters to facilitating genome sequencing and cancer research, these top 10 weird and wonderful uses for Docker illustrate the technology's amazing versatility across a variety of innovative and irreverent applications.

Top 10 Windows 10 Vulnerabilities and How to Fix Them

Genuine Windows 7 or Windows 8/8.1 owners are in for a pre-holiday treat from Microsoft: a free upgrade to Windows 10, no strings attached. Security-conscious users will appreciate some new features that enable better security—namely Windows Device Guard, Hello, and Passport. Despite these nifty additions for bolstering one’s desktop security posture, Windows 10 certainly hasn’t been without its own critical security flaws.

[Infographic] Top 10 Ways to Secure Your Windows Environment

Windows 10 made its debut back in July and has since garnered some generally positive reviews, though the release hasn’t been without its share of vulnerabilities. For IT and operations, this means (begrudgingly) supporting/hardening another variant of the Windows OS on an ongoing basis. Even in homogeneous Windows-only environments, managing vulnerabilities and patches across different OS versions can be a daunting affair. The following can serve as a practical starting point for protecting today’s Windows-based infrastructures against cyber attacks.
