Most applications these days require user management, authentication, and authorization from the beginning and even a minor mistake can be disastrous. To help developers focus more on what the application actually does, Stormpath is offering turnkey user management and authentication services. Using these services, applications can authenticate users via a single API call.
Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.
Microsoft recently announced preview of Multi-Factor Authentication in Windows Azure. This can be enabled for Windows Azure Management portal, Microsoft Online Services such as Office 365, as well as custom applications.
The recently released Twitter API V1.1 ships with support for JSON and provides an ability to authenticate apps via OAuth1.0a.
The first day of DevOps Days Amsterdam had its focus split between continuous delivery and promoting a DevOps culture. Talks focused on how to automate the deployment pipeline but also system recovery in case of failure. On the culture side leveraging distinct personality types to successfully introduce changes and the positive impact of strong company culture on hiring were some of the takeaways.
Amazon's free, one-day cloud community event took place in Berlin this month. Aimed at developers, technical and business leaders, the topics of the series increasingly focus on cost effectiveness, high availability, big data and security. The summit was complemented with presentations from successful local AWS adopters.
A months old Ruby on Rails security flaw is now being exploited on systems where tardy patch deployment has left them vulnerable to malicious attackers.
Part 2 of Infoq’s exclusive virtual interview with Anypresence cofounder Richard Mendis. The CMO weighs in on Facebook’s acquisition of competitor Parse and provides intel on the pricing structure of Anypresence.
"To avoid the confusion caused by renumbering releases", Oracle has announced that it is adopting a new numbering scheme for JDK 5.0, JDK 6 and JDK 7. "The next Limited Update for JDK 7 will be numbered 7u40, and the next 3 CPUs after that will be numbered 7u45, 7u51, and 7u55.”
Just days after the latest fix, security researcher Adam Gowdiak has found another Java vulnerability. In addition, in the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 have also begun circulating in the wild.
The excitement over DevOps is continuing to increase in major corporations. Today it was announced that two DevOps tool vendors were acquired. UrbanCode was picked up by IBM while Nolio went to CA Technologies.
Layer 7 Technologies has just been acquired by CA Technologies for the purpose of augmenting CA SiteMinder with Layer 7’s API Management & Security Suite. Layer 7 specializes in adding “access, security, SLA and management features” to existing service APIs.
Google+ Sign-In extends the Google+ social network into third-party websites, desktop applications and mobile apps. This service, announced on February 26th, provides features for authentication, authorization and activity sharing. There is also support for user engagement, hangouts and automatic Android app downloads.
Smaller releases, automated testing, and a culture that embraces security are the reasons why panelists at the RSA 2013 conference say that Devops can be a huge boon for application security.
MongoDB 2.4 was recently released with new features such as Text Search, hash-based sharding, better geo-spatial capabilities with GeoJSON support and several performance and tooling improvements. We also discussed with 10gen about what’s next on the roadmap.