Application whitelisting

Application whitelisting is a cybersecurity control that operates on a deny-by-default principle, permitting only explicitly approved applications to execute on a system. Unlike traditional blacklisting, which blocks known threats, whitelisting proactively prevents all unauthorized software—including malware, ransomware, advanced persistent threats, and unapproved utilities—from running, even if their signatures are previously unknown. Approved applications are typically validated through cryptographic hashes, digital signatures, or file path rules.

By maintaining a comprehensive inventory of trusted executables, scripts, and libraries, organizations create a highly controlled computing environment that significantly reduces the attack surface across endpoints and servers. Application whitelisting is considered one of the most effective strategies for hardening systems, enhancing overall cybersecurity resilience, maintaining system integrity, and supporting regulatory compliance by strictly enforcing which software is permitted to operate within an organization's infrastructure.