Security Content on InfoQ

  • API Security: from Defense-in-Depth (DiD) to Zero Trust

    Nearly all companies have experienced security incidents but few have an API security policy that includes dedicated API testing and protection. A defense-in-depth approach that includes boundary defense, observability, and authentication is recommended.

  • Who Moved My Code? An Anatomy of Code Obfuscation

    In this article, we introduce the topic of code obfuscation, with emphasis on string obfuscation. Obfuscation is an important practice to protect source code by making it unintelligible. Obfuscation is often mistaken for encryption, but they are different concepts. In the article we will present a number of techniques and approaches used to obfuscate data in a program.

  • Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline

    Dynamic security testing tools don’t require advanced cybersecurity knowledge to operate. Integrating DAST into your CI/CD pipeline should be done in stages by focusing on the riskiest areas first.

  • What Does Zero Trust Mean for Kubernetes?

    Zero trust is a powerful security model that’s at the forefront of modern security practices. It’s also a term that is prone to buzz and hype, making it hard to cut through the noise. So what is zero trust, exactly, and for Kubernetes, what does it mean in concrete terms? In this article, we’ll explore what zero trust is from an engineering perspective.

  • What Developers Must Know about Zero Trust

    Zero trust solves the problem of open network access by allowing access only to the resources a user should be allowed to access. This article covers how to start working with zero trust principles and ideas.

  • Managing Kubernetes Secrets with the External Secrets Operator

    Kubernetes doesn’t yet have the capabilities to manage the lifecycle of secrets, so sometimes we need external systems to manage this sensitive information. Once the amount of secret information we need to manage increases, we may need additional tools to simplify and better manage the process. In this article, we’ll take a detailed look at one of these tools, the External Secrets Operator.

  • Using DevOps Automation to Combat DevOps Workforce Shortages

    A focus on automation can help to combat the current staffing struggles many organizations have with DevOps roles. Effective automation can reduce the toil experienced by developers. Automation efforts should focus on security operations, deployments, continuous delivery, QA testing, and continuous integration.

  • The Parity Problem: Ensuring Mobile Apps are Secure across Platforms

    The problem of security parity is a big one, but it’s part of a larger problem: a general lack of security in mobile apps. By embracing automation for security implementation to the same or greater degree than it has been adopted for feature development, developers can ensure that every app they release for every platform will be protected from hackers, fraudsters, and cybercriminals.

  • Diving into Zero Trust Security

    The Zero Trust approach involves a combination of more-secure authentication approaches, such as MFA with profiling and posturing of the client device, along with some stronger encryption checks. This article shares some insights on Zero Trust Security for your organization and your customers, and how you can get started with it.

  • DevOps and Cloud InfoQ Trends Report – June 2022

    This article summarizes how we see the "cloud computing and DevOps" space in 2022, which focuses on fundamental infrastructure and operational patterns, the realization of patterns in technology frameworks, and the design processes and skills that a software architect or engineer must cultivate.

  • Evolving DevSecOps to Include Policy Management

    A thorough implementation of policy management tools is required for effective compliance and security management in a DevOps environment. Companies that accept policy management in DevSecOps as a way of development and have adopted some level of policy management best practices tend to operate more efficiently.

  • The What and Why of Programmable Proxies

    A question that often gets asked is “What is a programmable proxy, and why do I need one?” This article tries to answer this question from different perspectives. We will start with a brief definition of what a proxy is, then discuss how proxies evolved, explaining what needs they responded to and what benefits they offered at each stage. Finally, we discuss several aspects of programmability.
