Damage Control for Network Applications

For all systems, one of the most important evaluation criteria is, or should be, security. With code complexity increasing by the minute, all are forced to accept that software contains bugs, flaws, some of which can be exploited for malicious purposes. To reduce, or eliminate the threat posed by these security holes, there are a lot of strategies. This paper presents some of the essential preparation methods which will help to withstand, and to prevent, as well as detect and recover from an attack. The presented techniques include privilege separation, application confinement through sandboxing and virtualization, intrusion detection and the incident handling aftermaths.