InfoQ Homepage Security Development Lifecycle Content on InfoQ
Articles
RSS Feed-
A 4-Step Guide to Building Continuous Security into Container Deployment
Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.
-
Securing the Modern Software Delivery Lifecycle
Information security practice has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we think about securing our infrastructure and applications.
-
How Well Do You Know Your Personae Non Gratae?
In this article, author discusses three techniques to defend against malicious users in software systems. These techniques includes creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.
-
Defending against Web Application Vulnerabilities
In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.
-
Bryan Sullivan on Security Development Lifecycle
Security Development Lifecycle (SDL), developed at Microsoft, is a security assurance process with a focus on software development. It introduces security and privacy aspects in all phases of the software development process. InfoQ spoke with Bryan Sullivan from SDL team about the current state and future road map of the framework.