Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Security Assessment Content on InfoQ

Articles

  • Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline

    Dynamic security testing tools don’t require advanced cybersecurity knowledge to operate. Integrating DAST into your CI/CD pipeline should be done in stages by focusing on the riskiest areas first.

  • Mitigating Inside and Outside Threats with Zero Trust Security

    As ransomware and phishing attacks increase, it is evident that many attack vectors originate inside the network perimeter. Zero Trust Security can be thought of as a security architecture approach whose main goals are: verifying endpoints before any network communication takes place, granting endpoints least privilege, and continuously re-evaluating endpoints for the duration of the communication.

  • Application Security Manager: Developer or Security Officer?

    The role of the Application Security Manager (ASM) should be the driving force of the overall code review process. An ASM should know about development processes, information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.

  • Three Major Cybersecurity Pain Points to Address for Improved Threat Defense

    Three pain points every company must address in its cybersecurity program are threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail and includes recommendations for how corporations can deal with them.

  • Test Management Revisited

    The concept of test management sits awkwardly in agile, mostly because it’s a construct derived from the time when testing was a post-development phase, performed by independent testing teams. Agile, with its focus on cross functional teams, has sounded the death knell for many test managers. While test management is largely irrelevant in agile, there is still a desperate need for test leadership.

  • Resilient Security Architecture

    In this IEEE article, author John Diamant talks about how to improve the security quality of software applications using a proactive approach, with techniques such as security requirements gap analysis and architectural threat analysis applied in the early phases of the software development life cycle.

  • Brian Chess on Static Code Analysis

    Building security into software applications from the initial phases of the development process is critical. Static code analysis gives developers the ability to review their code, without actually executing it, to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques such as penetration testing.
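The staged DAST rollout described in the first item above ("Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline"), as an added example that is not code from the page or from the article's author: a CI gate that reads a scanner report and fails the build only for findings at or above the current stage's severity, and only within the URL paths that stage has brought into scope. The stage names, thresholds, path prefixes and the report itself are constructed for this example; the report is shaped like a ZAP JSON report (site, alerts, instances, riskcode 0 to 3), but the alert contents are made up and not real scan output.

```python
"""Stage-gated DAST results in CI: fail the build only for findings at or above the
current stage's severity, within the URL paths that stage has brought into scope."""
import json
import sys
from urllib.parse import urlparse

# Rollout stages (names, thresholds and prefixes are assumptions for this example):
# stage -> (lowest riskcode that blocks the build, URL path prefixes in scope; () = whole site).
# riskcode follows the ZAP convention: 0 informational, 1 low, 2 medium, 3 high.
STAGES = {
    "pilot":  (3, ("/login", "/search")),          # highest-risk paths, High findings only
    "expand": (2, ("/login", "/search", "/api/")), # widen scope, add Medium findings
    "full":   (1, ()),                             # whole site, Low and above
}

# Constructed report shaped like a ZAP JSON report (site -> alerts -> instances).
# Target host and alert contents are made up; this is not real scan output.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://staging.example.test",
        "alerts": [
            {"name": "SQL Injection", "riskcode": "3",
             "instances": [{"uri": "https://staging.example.test/search?q=1"}]},
            {"name": "Cross Site Scripting (Reflected)", "riskcode": "3",
             "instances": [{"uri": "https://staging.example.test/echo?msg=x"}]},
            {"name": "Application Error Disclosure", "riskcode": "2",
             "instances": [{"uri": "https://staging.example.test/api/users"}]},
            {"name": "Content Security Policy (CSP) Header Not Set", "riskcode": "2",
             "instances": [{"uri": "https://staging.example.test/"}]},
            {"name": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "instances": [{"uri": "https://staging.example.test/"}]},
        ],
    }],
})


def blocking_findings(report_text, stage, accepted=frozenset()):
    """Return (alert name, riskcode, uri) tuples that must block the build at `stage`.
    `accepted` holds alert names with a recorded risk acceptance; those never block."""
    threshold, scope = STAGES[stage]
    report = json.loads(report_text)
    blocking = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert["riskcode"])
            if risk < threshold or alert["name"] in accepted:
                continue
            for inst in alert.get("instances", []):
                path = urlparse(inst["uri"]).path
                # An empty scope means the whole site is in scope.
                if not scope or any(path.startswith(p) for p in scope):
                    blocking.append((alert["name"], risk, inst["uri"]))
    return blocking


def gate(report_text, stage, accepted=frozenset()):
    """CI entry point: returns 0 when the build may proceed, 1 when it must fail."""
    findings = blocking_findings(report_text, stage, accepted)
    for name, risk, uri in findings:
        print(f"BLOCK risk={risk} {name} at {uri}")
    return 1 if findings else 0


if __name__ == "__main__":
    # Usage: python dast_gate.py <stage> [report.json]; without a file the sample report is used.
    stage = sys.argv[1] if len(sys.argv) > 1 else "pilot"
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_REPORT
    sys.exit(gate(text, stage))
```

Moving from "pilot" to "expand" to "full" is then a one-line change in the pipeline invocation rather than a change to the scanner configuration, and the `accepted` set keeps risk-accepted findings from re-breaking the build while still leaving them in the report. Path-prefix scoping is deliberately coarse (a prefix of "/search" also matches "/searchx"); tighten the prefixes if the application's URL space makes that matter.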
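The kind of review static analysis performs, as an added example that is not code from the page or from the interview with Brian Chess: a small analyzer built on Python's standard `ast` module that walks a program's syntax tree and reports risky calls without ever executing the program. The rule set (shell=True in subprocess calls, eval/exec, pickle deserialization, os.system with a non-constant command) and the target program it is run on are constructed for this example.

```python
"""Minimal AST-based static analyzer: reports risky Python calls without running the code."""
import ast
from dataclasses import dataclass

# Constructed target program for the analyzer to inspect; it contains deliberate findings.
SAMPLE_SOURCE = '''
import os
import subprocess
import pickle

def run(cmd):
    subprocess.run("ls " + cmd, shell=True)      # shell injection risk

def safe_run(args):
    subprocess.run(["ls", args], shell=False)    # argv list, no shell: not flagged

def load(blob):
    return pickle.loads(blob)                    # untrusted deserialization

def calc(expr):
    return eval(expr)                            # arbitrary code execution

def ping(host):
    os.system(f"ping -c 1 {host}")               # non-constant command string

def banner():
    os.system("uname -a")                        # constant command: not flagged
'''


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def _call_name(node):
    """Dotted name of the callee, e.g. 'subprocess.run', or '' if it cannot be resolved."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def _has_keyword(node, name, value):
    """True when the call passes keyword `name` as the literal constant `value`."""
    return any(kw.arg == name and isinstance(kw.value, ast.Constant) and kw.value.value is value
               for kw in node.keywords)


class RiskyCallVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _call_name(node)
        if name in ("eval", "exec"):
            self.findings.append(Finding("dynamic-code", node.lineno, f"{name}() executes arbitrary code"))
        elif name.startswith("subprocess.") and _has_keyword(node, "shell", True):
            self.findings.append(Finding("shell-true", node.lineno, f"{name}(shell=True) allows shell injection"))
        elif name in ("pickle.load", "pickle.loads"):
            self.findings.append(Finding("unsafe-deserialize", node.lineno, f"{name}() can run attacker-supplied code"))
        elif name == "os.system" and not (node.args and isinstance(node.args[0], ast.Constant)):
            self.findings.append(Finding("os-system-dynamic", node.lineno, "os.system() with a non-constant command"))
        self.generic_visit(node)  # keep descending: calls can nest inside arguments


def analyze(source):
    """Parse `source` and return its findings sorted by line number; nothing is executed."""
    visitor = RiskyCallVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_SOURCE):
        print(f"line {finding.line}: [{finding.rule}] {finding.detail}")
```

The analyzer sees the program only as a tree, which is what lets it flag `eval(expr)` in a function that is never called and distinguish `shell=True` from `shell=False` by the literal in the source; the flip side is that it cannot tell whether `cmd` is ever attacker-controlled, which is the kind of question a penetration test answers and why the two techniques complement rather than replace each other.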