Java—love it or hate it, it isn’t going anywhere. Despite being hailed as “the biggest vulnerability for US computers” by CSO magazine, it’s currently back in pole position as the most popular developer language on the market. Of course, this has mostly to do with the rise of Android, as traditional Java web apps have been steadily losing market share to newer languages and stacks over the years. However, Java is still popular with developers and cyber attackers alike: it’s well understood, extensively documented, and unfortunately highly exploitable.
Microsoft Internet Information Server (IIS) 7 is still widely used in the enterprise, despite a less-than-stellar track record for security. In fact, for many, “IIS security” is a contradiction in terms, though in all fairness, Microsoft's web server solution has improved significantly over the years.
By following these 10 steps for improving IIS 7 security, you can achieve and maintain an even stronger level of security for your web apps.
According to Netcraft’s 2015 web server statistics, 47.7% of all websites are using Apache, making it the most popular web server in the world. Ubiquity has its price, however: the open source project is under the constant scrutiny of malicious actors and security professionals alike.
The Open Web Application Security Project (OWASP) is a well-established organization dedicated to improving web application security through the creation of tools, documentation, and information, the latter of which includes a yearly top 10 of web application vulnerabilities. The following is a compilation of the most recent critical vulnerabilities to surface on its lists, as well as information on how to remediate each of them.
A typical organization’s environment consists of a myriad of applications and services, each with its own unique set of ongoing vulnerabilities and flaws that could ultimately lead to a data breach. This can make IT security and operations’ job difficult, as different departments and groups within a company may utilize specific software offerings to accomplish their job functions. Fortunately, a consolidated database of vendor-specific software vulnerabilities exists—the Common Vulnerabilities and Exposures (CVE) repository: a public information security resource developed and maintained by Mitre Corporation.
Java consistently gets a bad rap when it comes to security, but considering half of enterprise applications in the last 15 years were written with the language, its pervasiveness (and commonly-known attack vectors) may be more to blame than Java’s inherent security weaknesses alone. New approaches are being developed (e.g., Rask, Waratek) to improve Java web application security at the Java Virtual Machine (JVM) level, but for most organizations, instituting traditional security defenses for Java applications can help protect against the majority of Java-related exploits.
This is a clash of virtualization titans: one a virtual machine technology, the other a containerization technology. In reality, the two are complementary, as hardware virtualization and containerization each have their distinct qualities and can be used in tandem for combinatorial benefits. Let’s take a look at each to find out how they stack up against each other, as well as how the two can be combined for maximum agility.
Docker may not be the solution to ending world hunger, but the recent myriad of strange and remarkable use cases for it might have you thinking otherwise. From managing Raspberry Pi clusters to facilitating genome sequencing and cancer research, these top 10 weird and wonderful uses for Docker illustrate the technology's amazing versatility across a variety of innovative and irreverent applications.
Genuine Windows 7 or Windows 8/8.1 owners are in for a pre-holiday treat from Microsoft: a free upgrade to Windows 10, no strings attached. Security-conscious users will appreciate some new features that enable better security—namely Windows Device Guard, Hello, and Passport. Despite these nifty additions for bolstering one’s desktop security posture, Windows 10 certainly hasn’t been without its own critical security flaws.
Windows 10 made its debut back in July and has since garnered some generally positive reviews, though the release hasn’t been without its share of vulnerabilities. For IT and operations, this means (begrudgingly) supporting/hardening another variant of the Windows OS on an ongoing basis. Even in homogeneous Windows-only environments, managing vulnerabilities and patches across different OS versions can be a daunting affair. The following can serve as a practical starting point for protecting today’s Windows-based infrastructures against cyber attacks.