• DevOps

    A 4-Step Guide to Building Continuous Security into Container Deployment

    by Fei Huang on Sep 30, 2017

    Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.

    Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    by Aaron Beuhring, Kyle Salous on Mar 17, 2015

    In this article, the authors discuss security vulnerabilities in software applications and how the whitelisting approach has advantages over blacklisting. They also talk about how to implement whitelisting security policies and the cost involved.

    Employing Enterprise Architecture for Applications Assurance

    by Walter Houser on Feb 26, 2015

    In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate software security controls. They also talk about other security model components such as threat modeling, attack trees, secure design patterns, and misuse cases.


How Well Do You Know Your Personae Non Gratae?

Posted by Jane Cleland-Huang on Nov 27, 2014

In this article, the author discusses three techniques to defend against malicious users in software systems. The techniques include creating personas, misuse cases, and annotated activity diagrams.


Keeping Your Secrets

Posted by Dennis Sosnoski on Sep 30, 2013

Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how to make it more difficult for anyone to see or alter your data exchanges.


Application Security Testing: The Double-sided Black Box

Posted by Rohit Sethi on Feb 26, 2013

In this article, Rohit Sethi discusses the opaque nature of security verification tools and processes and the potential for false negatives not covered by techniques like automated dynamic testing.


Defending against Web Application Vulnerabilities

Posted by Nuno Antunes, Marco Vieira on Jul 27, 2012

In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques.


Comparison of Intrusion Tolerant System Architectures

Posted by Quyen L. Nguyen, Arun Sood on Nov 25, 2011

In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system architectures and their efficiency for intrusion tolerance and survivability.


Virtual Panel: Security Considerations in Accessing NoSQL Databases

Posted by Srini Penchikala on Nov 15, 2011

NoSQL databases have been getting a lot of attention lately, but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases.


Resilient Security Architecture

Posted by John Diamant on Sep 27, 2011

In this IEEE article, author John Diamant talks about improving the security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.


Enhanced Detection of Malware

Posted by Carlos Rozas, Hormuzd Khosravi, Divya Kolar Sunder, and Yuriy Bulygin on Sep 30, 2009

This article discusses significant new threats to host agents, outlines a generic architecture for malware detection based on enhanced cloud computing, and outlines enhanced computing solutions.


The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware

Posted by Jaideep Chandrashekar, Carl Livadas, Steve Orrin, Eve Schooler on Aug 04, 2009

Botnets are the latest scourge to hit the Internet, and this article presents several promising anti-botnet defense strategies that specifically target current and emerging trends.
