BT

Continuous Security Testing With Gauntlt

by Manuel Pais on  Nov 30, 2013 1

James Wickett, from Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing in the continuous integration cycle for early feedback on application security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen on  Nov 20, 2013

Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

Practices for Scaling Agile in Enterprises

by Ben Linders on  Nov 19, 2013 2

Enterprises that are adopting agile organizational-wide will at some time have to scale their agile practices. In a session at the Agile Methods in the Finance Sector and Complex Environment conference, attendees shared their experiences with scaling agile in enterprises.

Applying Security by Design with the CMMI for Development

by Ben Linders on  Nov 15, 2013

To enable development of secure products, processes covering the software development life cycle have to include security activities. Winfried Russwurm from Siemens and Peter Panholzer from Limes Security facilitated a workshop at the SEPG Europe 2013 conference where they explored security activities and presented the Application Guide for Improving Processes for Secure Products.

Apigee Now Supports Node.js and Open Sources Volos

by Abel Avram on  Nov 12, 2013

Apigee Edge now supports Node.js and has open sourced Volos, a project containing a set of API management modules.

Oracle Releases 51 Security Fixes for Java

by Dan Woods on  Oct 24, 2013

Last week, Oracle released a Critical Patch Update, which included 127 new security fixes for the Oracle ecosystem of products, including Java SE, amongst others. There were 51 critical security fixes for Java, which affects both client and server deployments.

Visual Studio 2013 Adds New Project Templates with Improvements and Social Accounts Authentication

by Anand Narayanaswamy on  Oct 23, 2013

The recently released Visual Studio 2013 includes new project templates with several improvements which enables developers to build projects and applications faster.

A Look Back at the Linux Kernel Backdoor

by Jonathan Allen on  Oct 14, 2013 2

With all of the recent concern over the US government’s National Security Agency (NSA) some of the attention has turn to the possibility of backdoors. Back in 2003 someone attempted to insert a backdoor into the Linux kernel. Though caught, it illustrates how seemingly innocuous changes can introduce vulnerabilities and the importance of tractability in source control.

Securing Docker and Containers

by Aslan Brooke on  Sep 27, 2013 2

Jérôme Petazzoni, senior engineer at dotCloud, examined the progress of security concerning Docker compared with other virtualization and container like technology in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, in spite of the acknowledgement that improvements are needed.

Stories of Using Real Options to Take Decisions

by Ben Linders on  Sep 27, 2013 2

Projects and product development is one long series of difficult decisions, says Pascal Van Cauwenberghe. Real Options can help you to take the right decision at the right time, even under difficult circumstances. At the Agile Tour Brussels conference, Pascal presented stories of his experiences with using real options in decision taking.

Improved Authentication with Filters in ASP.NET MVC 5

by Anand Narayanaswamy on  Sep 06, 2013

Visual Studio 2013 Developer Preview ships with ASP.NET MVC 5 which enables developers to apply authentication filters that provides an ability to authenticate users using various third party vendors or a custom authentication provider. Eric Vogel recently demonstrated its usage with an example using source codes.

Simplified Multiple Provider Authorization with OAuth.io

by Abel Avram on  Aug 20, 2013

OAuth.io is an API and a service interfacing with more than 80 OAuth providers. This article contains an interview with Mehdi Medjaoui, Co-founder of OAuth.io, providing details on security, licensing and future developments.

Crypto Obfuscator for .Net v2013 R2 Adds Support for Code Masking and Constant Field Removal

by Anand Narayanaswamy on  Jul 27, 2013

Crypto Obfuscator for .Net v2013 R2 includes support for code masking, constant field removal, Visual Studio 2012. It also includes Linux and Mono support for automatic exception reporting service including several new additions, improvements, changes and bug fixes.

Tune Up Your Online Privacy with Clef

by Martin Monroe on  Jun 29, 2013

Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an Open ID to log in from your smart phone only once to access many different web sites when online. Rather than typing in your user ID and password for each web site.

Outsource User Management and Authentication with Stormpath

by Jonathan Allen on  Jun 27, 2013

Most applications these days require user management, authentication, and authorization from the beginning and even a minor mistake can be disastrous. To help developers focus more on what the application actually does, Stormpath is offering turnkey user management and authentication services. Using these services, applications can authenticate users via a single API call.

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT