InfoQ

Security Content on InfoQ


Latest featured content about Security

The Future of Authentication

Topics
Authentication,
Identity Management,
Security,
Mobile Security

In this IEEE roundtable discussion hosted by guest editors Richard Chow, Markus Jakobsson, and Jesus Molina, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication.

News about Security

Future of Cloud Security Assessments: Microsoft Leads with Public Registrations on CSA

Topics
Cloud Security,
Microsoft,
Cloud Computing,
Security,
Companies

Microsoft has registered security assessments for Office 365, Windows Azure and Dynamics CRM for public consumption on the Cloud Security Alliance's security registry, STAR. Microsoft is the first major service provider to register its assessments at a time when security concerns in the public cloud space continue to grow.

Security vulnerabilities with HTML5 (WebSockets)?

Topics
HTML5,
Rich Internet Apps,
HTML,
Web Development,
HTTP,
Markup Languages,
Languages,
W3C,
Programming,
Specifications,
WebSocket,
Security

Lori MacVittie recently raised concerns about the vulnerability of WebSockets to viruses and malware due to the removal of HTTP headers and MIME types. Given other reported security issues with the protocol and implementations, is it time to step back and consider what a world based on WebSockets should look like?

Secure Code Development: A Casualty With Agile?

Topics
Agile,
Security

Agile teams are known to produce reliable, high-quality code quickly. However, pressure to deliver quickly can also result in shortcut reviews, curtailed testing and a lack of attention to secure code. Is secure development little more than wishful thinking with Agile?

Articles about Security

Interview and Book Review: The CERT Oracle Secure Coding Standard for Java

Topics
CERT,
Secure Coding,
Security,
Book Review

"The CERT Oracle Secure Coding Standard for Java" covers the rules for secure coding using the Java programming language and its libraries, with the goal of helping Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with the book's authors about how the security rules discussed in the book compare to other security coding frameworks.

Software Engineering Meets Services and Cloud Computing

Topics
SOA,
Cloud Adoption,
Cloud Security,
Architecture,
Enterprise Architecture,
Security,
Cloud Computing,
SOA Adoption

In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

Topics
Cloud Security,
Security,
Cloud Computing,
Web Applications

Not all data is sensitive, and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud computing, cloud storage and Enterprise Key Management Infrastructure (EKMI) to lower costs while complying with data-security regulations.

Presentations about Security

Lock-free Algorithms

Topics
Intel,
QCon London 2012,
SOA Platforms,
Cloud Security,
Companies,
QCon,
Performance Tuning,
Concurrency,
SOA,
Cloud Computing,
Security,
Conferences,
Performance & Scalability,
Memory,
Programming,
Architecture,
Enterprise Architecture,
Hardware

Martin Thompson and Michael Barker explain how Intel x86_64 processors and their memory model work, along with low-level techniques that help create lock-free software.

Who are You? Who am I? Who is Anybody?

Topics
OAuth,
OpenID,
GOTO 2011,
Authorization,
HTTP,
Identity Management,
REST,
W3C,
GOTO Conference,
Security,
Enterprise Architecture,
Conferences,
Architecture,
Specifications,
Enterprise,
Internet

Paul Downey talks about the current status of identity management on the web, covering cross-site challenges, REST, HTTPS and OpenID, all in the context of enterprise architecture.

Interviews about Security

Future of Web Application Security, with Tyler Close

Topics
HTML 5,
HTML5,
HTML,
Javascript,
Rich Internet Apps,
Web Development,
Dynamic Languages,
Markup Languages,
QCon San Francisco 2010,
Web 2.0,
Languages,
QCon,
EcmaScript 5,
Enterprise Architecture,
Programming,
Architecture,
Security,
Conferences,
Caja

As web applications have evolved away from the old client-server model, so have the security threats. In this interview Tyler Close talks about common security challenges and how these are affected by the new HTML5 APIs and ECMAScript 5.

ECMAScript 5, Caja and Retrofitting Security, with Mark S. Miller

Topics
HTML 5,
HTML5,
Javascript,
HTML,
Rich Internet Apps,
Dynamic Languages,
Web Development,
Markup Languages,
QCon San Francisco 2010,
Languages,
QCon,
Architecture,
CORBA,
Security,
Programming,
EcmaScript 5,
Conferences,
Scheme,
Caja,
Distributed Programming

Mark S. Miller talks about the security considerations of JavaScript and how they are dealt with in ECMAScript 5 and the Caja project. He also mentions issues that have to do with HTML5 and compares the security characteristics of other languages like Java and Scheme.

Books about Security

Identity Management on a Shoestring

Topics
Java,
Languages,
Identity Management,
Programming,
Security,
Enterprise

The authors of this book share their experience and lessons learned while building an enterprise-wide Identity and Access Management system using an architectural approach called LIMA.