BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Contribute

Topics

Choose your language

InfoQ Homepage Security Assessment Content on InfoQ

Articles

RSS Feed
  • Mitigating Inside and Outside Threats with Zero Trust Security

    As ransomware and phishing attacks increase, it is evident that attack vectors can be found on the inside in abundance. Zero Trust Security can be thought of as a new security architecture approach where the main goals are: verifying endpoints before any network communications take place, giving least privilege to endpoints, and continuously evaluating the endpoints throughout the communication.

  • Application Security Manager: Developer or Security Officer?

    The role of the Application Security Manager (ASM) should be the driving force of the overall code review process. An ASM should know about development processes, information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.

  • Three Major Cybersecurity Pain Points to Address for Improved Threat Defense

    Three pain points every company must address when addressing cybersecurity include threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail, and includes recommendations for corporations to deal with them.

  • Test Management Revisited

    The concept of test management sits awkwardly in agile, mostly because it’s a construct derived from the time when testing was a post-development phase, performed by independent testing teams. Agile, with its focus on cross functional teams, has sounded the death knell for many test managers. While test management is largely irrelevant in agile, there is still a desperate need for test leadership.

  • Resilient Security Architecture

    In this IEEE article, author John Diamant talks about how to improve security quality of software applications using a proactive approach with techniques like Security requirements gap analysis and Architectural threat analysis in the early phases of software development life cycle.

  • Brian Chess on Static Code Analysis

    Building security into software applications from the initial phases of development process is critical. Static code analysis gives developers the ability to review their code without actually executing it to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques like penetration testing.

BT