Security Vulnerabilities Content on InfoQ

  • Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies

    The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty year period. It provides insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.

  • Three Major Cybersecurity Pain Points to Address for Improved Threat Defense

    Three pain points every company must address when addressing cybersecurity include threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail, and includes recommendations for corporations to deal with them.

  • Q&A on the Book Real-World Bug Hunting

    The book Real-World Bug Hunting by Peter Yaworski is a field guide to finding software vulnerabilities. It explains what ethical hacking is, explores common vulnerability types, explains how to find them, and provides suggestions for reporting bugs while getting paid for doing so.

  • How to Deal with Open Source Vulnerabilities

    Despite the shockwaves following the Equifax hack in September 2017, the industry still has a long way to go in protecting its products. A key area to focus on is the open source components that make up 60-80% of the code base in modern applications. Learn how to detect vulnerable open source components and keep your products secure.

  • A 4-Step Guide to Building Continuous Security into Container Deployment

    Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.

  • Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats

    In this article, the authors discuss security vulnerabilities in software applications and how a whitelisting approach has advantages over blacklisting. They also discuss how to implement whitelisting security policies and the cost involved.

  • Employing Enterprise Architecture for Applications Assurance

    In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate software security controls. They also cover other security model components such as threat modeling, attack trees, secure design patterns, and misuse cases.

  • How Well Do You Know Your Personae Non Gratae?

    In this article, the author discusses three techniques for defending against malicious users in software systems. These techniques include creating personas to think strategically about the mischief a malicious user might attempt, misuse cases to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.

  • Keeping Your Secrets

    Dennis Sosnoski explains how supposedly secure connections can be downgraded to the point where they are easily broken, and how, even at full strength, most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.

  • Application Security Testing: The Double-sided Black Box

    In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.

  • Defending against Web Application Vulnerabilities

    In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using techniques such as white-box analysis and black-box testing. They also cover secure coding practices based on a defense-in-depth approach with three lines of defense: input validation, hotspot protection, and output validation.

  • Comparison of Intrusion Tolerant System Architectures

    In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their effectiveness for intrusion tolerance and survivability. For ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.
