All of the above attacks focus on gaining access to the host machine. Once accomplished, an attacker has the ability to access all of the guest operating systems and applications being hosted.
So now let's look at application virtualization. Application virtualization focuses on virtualizing applications and the necessary operating system components for the app to function. While I think that the technology helpfully reduces the attack surface available to an attacker, many of the same attack and escape vectors will remain.
What we must be cautious of is falling into the same trap that many security professionals were caught in with virtual machines. Just because no exploits are currently available for virtualized applications, it does not mean one will not surface in the near future. Development of our architectures in such a fashion -- where our public and sensitive data is hosted on different host machines -- is necessary. The arrangement would prevent a compromise on a public system or the exposing of sensitive data from a virtualized application.
Dig Deeper on Virtualization Security Issues and Threats
Related Q&A from John Strand
Expert John Strand reviews how to spot input validation flaws on your websites.continue reading
In this expert response, John Strand explains what to do when your personal identity is impersonated online.continue reading
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.