An active security control approach is developed in this article for cyber-physical systems (CPSs) under denial-of-service (DoS) attacks, where DoS attacks exist in both the sensor-to-controller (S-C) channel and the controller-to-actuator (C-A) channel. Due to the cost constraints of attacks, it is reasonable to consider that the number of maximum continuous DoS attacks in both the S-C and the C-A channels is bounded. Then, to defend the two-channel DoS attacks, an active security control strategy that makes full use of the unattacked intervals is designed to ensure that the control inputs are updated timely in each period. Meanwhile, a security controller that contains both the current and future control inputs is designed. Under the active security control strategy and the security controller, the addressed CPS under two-channel DoS attacks can be asymptotically stable without losing the control performance. Finally, both the simulations and experiments are given to demonstrate the effectiveness of the proposed active security control approach.