Ready for InfoQ 3.0? Try the new design and let us know what you think!

Older rss
  • Development Follow 783 Followers

    How to Deal with Open Source Vulnerabilities

    by Rami Sass Follow 0 Followers on  May 30, 2018

    Despite the shockwaves following the Equifax hack in September 2017, the industry still has a long way to go in protecting their products. A key area to focus on is the open source components that comprise 60-80% of the code base in modern applications. Learn how to detect vulnerable open source components and keep your products secure.

  • DevOps Follow 1055 Followers

    A 4-Step Guide to Building Continuous Security into Container Deployment

    by Fei Huang Follow 2 Followers on  Sep 30, 2017

    Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.

  • Followers

    Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    by Aaron Beuhring Follow 0 Followers , Kyle Salous Follow 0 Followers on  Mar 17, 2015 1

    In this article, authors discuss the security vulnerabilities in software applications and how whitelisting approach has advantages over blacklisting. They also talk about how to implement the whitelisting security policies and cost involved with it.


Employing Enterprise Architecture for Applications Assurance

Posted by Walter Houser Follow 0 Followers on  Feb 26, 2015

In this article, authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls.


How Well Do You Know Your Personae Non Gratae?

Posted by Jane Cleland-Huang Follow 0 Followers on  Nov 27, 2014

In this article, author discusses three techniques to defend against malicious users in software systems. The techniques includes creating personas, misuse cases and annotated activity diagrams.


Keeping Your Secrets

Posted by Dennis Sosnoski Follow 0 Followers on  Sep 30, 2013

Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how to make it more difficult for anyone to see or alter your data exchanges. 2


Application Security Testing: The Double-sided Black Box

Posted by Rohit Sethi Follow 0 Followers on  Feb 26, 2013

In this article, Rohit Sethi discusses the opaque nature of security verification tools and processes and the potential for false negatives not covered by techniques like automated dynamic testing. 1


Defending against Web Application Vulnerabilities

Posted by Marco Vieira Follow 0 Followers , Nuno Antunes Follow 0 Followers on  Jul 27, 2012

In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques. 1


Comparison of Intrusion Tolerant System Architectures

Posted by Quyen L. Nguyen Follow 0 Followers , Arun Sood Follow 0 Followers on  Nov 25, 2011

In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability. 1


Virtual Panel: Security Considerations in Accessing NoSQL Databases

Posted by Srini Penchikala Follow 41 Followers on  Nov 15, 2011

NoSQL databases have been getting lot of attention lately but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases. 2


Resilient Security Architecture

Posted by John Diamant Follow 0 Followers on  Sep 27, 2011

In this IEEE article, author John Diamant talks about improving security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.


Enhanced Detection of Malware

Posted by Hormuzd Khosravi Follow 0 Followers , and Yuriy Bulygin Follow 0 Followers , Carlos Rozas Follow 0 Followers , Divya Kolar Sunder Follow 0 Followers on  Sep 30, 2009

This article discusses significant new threats to host agents, outlines a generic architecture for malware detection, based on enhanced cloud computing, and outlines enhanced computing solutions.