Security Content on InfoQ
Latest featured content about Security

- Topics
- Secure Coding,
- CERT,
- Security,
- Book Review
"The CERT Oracle Secure Coding Standard for Java" book covers the rules for secure coding using Java programming language and its libraries with the goal to help Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with book authors about how the security rules discussed in the book compare to other security coding frameworks.
News about Security
- Topics
- Private Cloud,
- Platforms,
- Tools,
- Cloud Adoption,
- Cloud Security,
- Deployment,
- Agile,
- Cloud Computing,
- Programming,
- migration,
- Software Engineering,
- Security
According to CGN (Government Computer News) the U.S. Army’s Architecture Services Division within the Software Engineering Center (SEC) has deployed a platform for the quick development and migration of applications to the private cloud. The engineers are using OutSystems’ Agile Platform for this purpose.
- Topics
- Silverlight,
- .NET,
- Rich Internet Apps,
- Languages,
- Security,
- Programming
Silverlight was originally seen as a Flash killer, but Flash itself is being replaced by HTML5. It was also seen as a way of delivering cross-platform applications, but iOS made that a non-starter as well. Surprisingly it is thriving in areas that were supposed to be the domain of WPF such as internal business applications and Silverlight 5’s updated security model reflects this.
Articles about Security

- Topics
- SOA,
- Cloud Security,
- Cloud Adoption,
- Enterprise Architecture,
- Architecture,
- Cloud Computing,
- Security,
- SOA Adoption
In this IEEE article, authors Stephen Yau and Ho An talk about application development using service-oriented architecture and cloud computing technologies. They also discuss application development challenges like security in a multi-tenant environment, quality-of-service monitoring, and mobile computing.

- Topics
- Cloud Security,
- Cloud Computing,
- Security,
- Web Applications
Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.
Presentations about Security

- Topics
- Spring,
- Java,
- Dependency Injection,
- SpringSource,
- Languages,
- Websphere,
- Design Pattern,
- VMWare,
- Application Servers,
- Programming,
- IBM,
- Patterns,
- Design,
- Object Oriented Design,
- SpringOne 2GX 2011,
- SpringOne,
- Agile in the Enterprise,
- Companies,
- Identity Management,
- Conferences,
- Agile,
- Security,
- Spring Security
David Syer discusses identity management, SSO, security standards –SAML, OpenID, OAuth, SCIM, JWT-, how Spring Security can fit in, and demoing IdM as a service.

- Topics
- Spring Batch,
- Spring Integration,
- Spring,
- Java,
- Dependency Injection,
- SpringSource,
- Ruby on Rails,
- Ruby,
- Languages,
- Design Pattern,
- Websphere,
- VMWare,
- Programming,
- IBM,
- Application Servers,
- QCon San Francisco 2011,
- Dynamic Languages,
- Design,
- Object Oriented Design,
- Patterns,
- QCon,
- Companies,
- TDD,
- Agile in the Enterprise,
- Agile,
- Security,
- Conferences,
- Spring Security,
- Architecture Analysis,
- BDD,
- Testing
John Davies examines Visa’s architecture and shows how major enterprises have architected very complex integrations incorporating Hadoop, memcached, Ruby on Rails, and many others to deliver innovative technology solutions. John explains how the platform architecture and technologies -- integrated and invented -- must be reliable and able to massively scale.
Interviews about Security

- Topics
- HTML 5,
- HTML5,
- Javascript,
- HTML,
- Rich Internet Apps,
- Dynamic Languages,
- Markup Languages,
- QCon San Francisco 2010,
- Web 2.0,
- Languages,
- QCon,
- Architecture,
- Enterprise Architecture,
- Security,
- Programming,
- EcmaScript 5,
- Conferences,
- Caja
As web applications have evolved away from the old client-server model, so have the security threads. In this interview Tyler Close talks about common security challenges and how these are affected by the new HTML5 APIs and Ecmascript 5.

- Topics
- HTML 5,
- HTML5,
- Rich Internet Apps,
- Javascript,
- HTML,
- QCon San Francisco 2010,
- Markup Languages,
- Dynamic Languages,
- Languages,
- QCon,
- Security,
- Architecture,
- Conferences,
- Programming,
- EcmaScript 5,
- CORBA,
- Scheme,
- Distributed Programming,
- Caja
Mark S. Miller talks about the security considerations of JavaScript and how they are dealt with in ECMAScript 5 and the Caja project. He also mentions issues that have to do with HTML5 and compares the security characteristics of other languages like Java and Scheme.