InfoQ

Security Content on InfoQ


Latest featured content about Security

Interview and Book Review: The CERT Oracle Secure Coding Standard for Java

Topics
Secure Coding,
CERT,
Security,
Book Review

"The CERT Oracle Secure Coding Standard for Java" covers the rules for secure coding in the Java programming language and its libraries, with the goal of helping Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with the book's authors about how the security rules discussed in the book compare to other secure coding frameworks.

News about Security

Cloud Wars – U.S. Army Using Agile Platform For Cloud Migration

Topics
Private Cloud,
Platforms,
Tools,
Cloud Adoption,
Cloud Security,
Deployment,
Agile,
Cloud Computing,
Programming,
migration,
Software Engineering,
Security

According to GCN (Government Computer News), the U.S. Army’s Architecture Services Division within the Software Engineering Center (SEC) has deployed a platform for the quick development and migration of applications to the private cloud. The engineers are using OutSystems’ Agile Platform for this purpose.

Silverlight 5 Security: Designed for the Intranet

Topics
Silverlight,
.NET,
Rich Internet Apps,
Languages,
Security,
Programming

Silverlight was originally seen as a Flash killer, but Flash itself is being replaced by HTML5. It was also seen as a way of delivering cross-platform applications, but iOS made that a non-starter as well. Surprisingly, it is thriving in areas that were supposed to be the domain of WPF, such as internal business applications, and Silverlight 5’s updated security model reflects this.

Articles about Security

Software Engineering Meets Services and Cloud Computing

Topics
SOA,
Cloud Security,
Cloud Adoption,
Enterprise Architecture,
Architecture,
Cloud Computing,
Security,
SOA Adoption

In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

Topics
Cloud Security,
Cloud Computing,
Security,
Web Applications

Not all data is sensitive, so an equal investment in securing every data category is not justified. This article presents an architecture that leverages cloud computing, cloud storage and Enterprise Key Management Infrastructure (EKMI) to lower costs while complying with data-security regulations.

Presentations about Security

Identity Management with Spring Security

Topics
Spring,
Java,
Dependency Injection,
SpringSource,
Languages,
Websphere,
Design Pattern,
VMWare,
Application Servers,
Programming,
IBM,
Patterns,
Design,
Object Oriented Design,
SpringOne 2GX 2011,
SpringOne,
Agile in the Enterprise,
Companies,
Identity Management,
Conferences,
Agile,
Security,
Spring Security

David Syer discusses identity management, SSO, security standards (SAML, OpenID, OAuth, SCIM, JWT) and how Spring Security can fit in, and demos IdM as a service.

Architecting Visa for Massive Scale and Continuous Innovation

Topics
Spring Batch,
Spring Integration,
Spring,
Java,
Dependency Injection,
SpringSource,
Ruby on Rails,
Ruby,
Languages,
Design Pattern,
Websphere,
VMWare,
Programming,
IBM,
Application Servers,
QCon San Francisco 2011,
Dynamic Languages,
Design,
Object Oriented Design,
Patterns,
QCon,
Companies,
TDD,
Agile in the Enterprise,
Agile,
Security,
Conferences,
Spring Security,
Architecture Analysis,
BDD,
Testing

John Davies examines Visa’s architecture and shows how major enterprises have architected very complex integrations incorporating Hadoop, memcached, Ruby on Rails, and many others to deliver innovative technology solutions. John explains how the platform architecture and technologies -- integrated and invented -- must be reliable and able to massively scale.

Interviews about Security

Future of Web Application Security, with Tyler Close

Topics
HTML 5,
HTML5,
Javascript,
HTML,
Rich Internet Apps,
Dynamic Languages,
Markup Languages,
QCon San Francisco 2010,
Web 2.0,
Languages,
QCon,
Architecture,
Enterprise Architecture,
Security,
Programming,
EcmaScript 5,
Conferences,
Caja

As web applications have evolved away from the old client-server model, so have the security threats. In this interview Tyler Close talks about common security challenges and how these are affected by the new HTML5 APIs and ECMAScript 5.

ECMAScript 5, Caja and Retrofitting Security, with Mark S. Miller

Topics
HTML 5,
HTML5,
Rich Internet Apps,
Javascript,
HTML,
QCon San Francisco 2010,
Markup Languages,
Dynamic Languages,
Languages,
QCon,
Security,
Architecture,
Conferences,
Programming,
EcmaScript 5,
CORBA,
Scheme,
Distributed Programming,
Caja

Mark S. Miller talks about the security considerations of JavaScript and how they are dealt with in ECMAScript 5 and the Caja project. He also mentions issues that have to do with HTML5 and compares the security characteristics of other languages like Java and Scheme.