  • How Well Do You Know Your Personae Non Gratae?

    by Jane Cleland-Huang on Nov 27, 2014

    In this article, the author discusses three techniques to defend against malicious users in software systems. These techniques include creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.

  • Keeping Your Secrets

    by Dennis Sosnoski on Sep 30, 2013

    Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.

  • Application Security Testing: The Double-sided Black Box

    by Rohit Sethi on Feb 26, 2013

    In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.

Defending against Web Application Vulnerabilities

Posted by Nuno Antunes and Marco Vieira on Jul 27, 2012

In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques.

Comparison of Intrusion Tolerant System Architectures

Posted by Quyen L. Nguyen and Arun Sood on Nov 25, 2011

In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability.

Virtual Panel: Security Considerations in Accessing NoSQL Databases

Posted by Srini Penchikala on Nov 15, 2011

NoSQL databases have been getting a lot of attention lately, but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases.

Resilient Security Architecture

Posted by John Diamant on Sep 27, 2011

In this IEEE article, author John Diamant talks about improving the security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.

Enhanced Detection of Malware

Posted by Carlos Rozas, Hormuzd Khosravi, Divya Kolar Sunder, and Yuriy Bulygin on Sep 30, 2009

This article discusses significant new threats to host agents, outlines a generic architecture for malware detection, based on enhanced cloud computing, and outlines enhanced computing solutions.

The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware

Posted by Jaideep Chandrashekar, Carl Livadas, Steve Orrin, and Eve Schooler on Aug 04, 2009

Botnets are the latest scourge to hit the Internet, and this article presents several promising anti-botnet defense strategies that specifically target current and emerging trends.

InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.