InfoQ Homepage Security Content on InfoQ
-
"Trust Me, I'm an Insider" - Diving into Zero Trust Security
Sindhuja Rao and Deepank Dixit discuss how Zero Trust does a better security job, how scalable it is and why trust the “Zero Trust”.
-
Building Trust & Confidence with Security Chaos Engineering
Aaron Rinehart shares his experience on Security focused Chaos Engineering used to build trust and confidence, proactively identifying and navigating security unknowns.
-
Protecting User Data via Extensions on Metadata Management Tooling
Alyssa Ransbury overviews the current state of metadata management tooling, and details how Square implemented security on its data.
-
DevSecOps Best Practices for Identity & Access Management
The panelists discuss how to integrate security into DevOps, where their concerns are and how each is addressed.
-
Authorization at Netflix Scale
Travis Nelson discusses Netflix’s approach to scaling and shares techniques for distributed caching and isolating failure domains.
-
Making Sense of Application Security
Adib Saikali provides a roadmap for application developers and architects to master application security, identifying the security skills needed as an application developer.
-
Cloud-Native Application Security: Your Attack Surface Just Got Bigger
Brian Vermeer shows common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j, including actionable remediation and best practices.
-
Panel: Secure Systems
The panelists discuss the security for the software supply chain and software security risk measurement.
-
One Ring -3 to Secure Them All: Computing with Hardware Enclaves
Aaron Bedra explores the most widely available options and their usage in IoT and cloud, discussing design trade-offs, security, and performance.
-
Application-Layer Encryption Basics for Developers
Isaac Potoczny-Jones covers the basics of encryption, what are application-layer and infrastructure-layer encryption, when to use asymmetric and symmetric keys, and how to do key management.
-
Cloud DevSecOps in Practice: People, Processes and Tools
The panelists discuss how to get the right security, DevOps, and cloud engineering stakeholders together to build a realistic DevSecOps strategy.
-
Pivoting and Exploitation in a Docker Environment
Filipi Pires discusses different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker.