
Security Development Lifecycle Content on InfoQ

Articles

  • A 4-Step Guide to Building Continuous Security into Container Deployment

    Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.

  • Securing the Modern Software Delivery Lifecycle

    Information security practice has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we think about securing our infrastructure and applications.

  • How Well Do You Know Your Personae Non Gratae?

    In this article, the author discusses three techniques to defend against malicious users in software systems. These techniques include creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.

  • Defending against Web Application Vulnerabilities

    In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.

  • Bryan Sullivan on Security Development Lifecycle

    Security Development Lifecycle (SDL), developed at Microsoft, is a security assurance process with a focus on software development. It introduces security and privacy aspects in all phases of the software development process. InfoQ spoke with Bryan Sullivan from the SDL team about the current state and future road map of the framework.
