  • Don't SCIM over your Data Model

    by Ganesh Prasad on Aug 08, 2012

    This opinion piece discusses three specific suggestions for improving the SCIM data model: (1) both the enterprise client and the cloud provider should map their internal IDs to a shared External ID, which is the only ID exposed through the API; (2) multi-valued attributes of a resource must be converted from an array into a dictionary with unique keys; (3) three ways to improve the PATCH command.

  • Defending against Web Application Vulnerabilities

    by Nuno Antunes and Marco Vieira on Jul 27, 2012

    In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.

  • Standardizing the Cloud for Security

    by Orlando Scott-Cowley on  Jul 05, 2012

    Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.

A Distributed Access Control Architecture for Cloud Computing

Posted by Abdulrahman A. Almutairi, Muhammad I. Sarfraz, Saleh Basalamah, Walid G. Aref, Arif Ghafoor on  Jun 12, 2012

In this article, the authors discuss a distributed architecture based on principles from security management and software engineering to address cloud computing’s security challenges.

Managing Security Requirements in Agile Projects

Posted by Rohit Sethi on  Jun 04, 2012

Managing security requirements from early phases of software development is critical. In this article, author Rohit Sethi discusses how to map security requirements to user stories in Agile projects.

The Future of Authentication

Posted by Dirk Balfanz, Richard Chow, Ori Eisen, Markus Jakobsson, Steve Kirsch, Scott Matsumoto, Jesus Molina, Paul van Oorschot on  May 04, 2012

In this IEEE roundtable discussion article, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication.

Commitment – Writing a Graphic Novel explaining Real Options

Posted by Shane Hastie on  Apr 05, 2012

Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge. They discussed the novel and the process with InfoQ.

Interview and Book Review: The CERT Oracle Secure Coding Standard for Java

Posted by Srini Penchikala on  Feb 15, 2012

"The CERT Oracle Secure Coding Standard for Java" covers the rules for secure coding in the Java programming language. InfoQ spoke with the book's authors about how these rules can help Java developers.

10 tips on how to prevent business value risk

Posted by Chris Matts and Olav Maassen on  Feb 07, 2012

One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.

Software Engineering Meets Services and Cloud Computing

Posted by Stephen S. Yau and Ho G. An on  Jan 04, 2012

In this IEEE article, authors Stephen Yau and Ho An talk about the advantages and challenges in application development using service-oriented architecture and cloud computing technologies.

Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

Posted by Arshad Noor on  Dec 16, 2011

This article presents a web application architecture that leverages cloud resources and an enterprise key-management infrastructure to lower costs while proving compliance with data-security regulations.

Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective

Posted by Subra Kumaraswamy on  Dec 07, 2011

Security concerns plague cloud consumers, so how should these concerns be addressed? This article introduces the basic principles and patterns that should guide a cloud security architecture.

InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.