BT
  • PCI SSC 2013 Community Meeting Takeaways

    by Eric Sampson on  Oct 18, 2013

    Eric Sampson shares the industry trends and security state within the payment card industry as discussed during the PCI Security Standards Council community meeting recently held in Las Vegas.

  • Keeping Your Secrets

    by Dennis Sosnoski on  Sep 30, 2013 2

    Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.

  • Big Data Security: The Evolution of Hadoop’s Security Model

    by Kevin T. Smith on  Aug 14, 2013 1

    In his new article, Kevin T Smith focuses on the importance of Big Data Security and he discusses the evolution of Hadoop's security model. He addresses the current trends in Hadoop security implementations and provides an overview of the details of project Rhino aimed to improve the security capabilities of Hadoop and the Hadoop ecosystem.

Securely Managed API Technologies Key to Fostering Market Innovation

Posted by Atchison Frazer on  Jul 19, 2013

Web services offer distinct opportunities for real-time innovation, but requires new standards in the way APIs are secured and managed at the B2B enterprise gateway level.

The Virtual Tug of War

Posted by Michael Rothschild on  Jul 10, 2013

The battle over security and performance is fought by security professionals and network administrators. These factions have to barter an uneasy truce for the organization to survive.

Book Launch of “Commitment”, and an Interview with Olav Maassen, Chris Matts and Chris Geary

Posted by Ben Linders on  Jul 02, 2013

Commitment is a graphical business novel about managing project risks with “Real Options”, a way to improve decision making. InfoQ spoke with the authors about decisions, risks and technical debt. 1

Application Security Testing: The Double-sided Black Box

Posted by Rohit Sethi on  Feb 26, 2013

In this article, Rohit Sethi discusses the opaque nature of security verification tools and processes and the potential for false negatives not covered by techniques like automated dynamic testing. 1

Automating Data Protection Across the Enterprise

Posted by Arshad Noor on  Feb 07, 2013

This article defines a Data Encryption Infrastructure (DEI) which encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.

Do we really need identity propagation in SOA and Clouds?

Posted by Michael Poulin on  Aug 20, 2012

While a majority of security specialists are managing identity through SSO nobody has answered the question if identity propagation in SOA and Clouds is feasible from a business perspective. 4

Don't SCIM over your Data Model

Posted by Ganesh Prasad on  Aug 08, 2012

This opinion piece discusses limitations in the SCIM data model specification as perceived by the author. He provides three specific suggestions which were also posted to the SCIM mailing list. 4

Defending against Web Application Vulnerabilities

Posted by Nuno Antunes and Marco Vieira on  Jul 27, 2012

In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques. 1

Standardizing the Cloud for Security

Posted by Orlando Scott-Cowley on  Jul 05, 2012

Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT