Security Content on InfoQ
-
Book Launch of “Commitment”, and an Interview with Olav Maassen, Chris Matts and Chris Geary
Commitment is a graphical business novel about managing project risks with “Real Options”, a way of thinking to improve your decision making. InfoQ attended the book launch on May 14 in Amersfoort, The Netherlands and spoke with the authors about decision making, risks and technical debt.
-
Application Security Testing: The Double-sided Black Box
In this article, Rohit Sethi discusses one of the biggest risks in software security: the opaque nature of verification tools and processes, and the false negatives that fall outside what the different verification techniques can detect. He also gives examples of security requirements and examines how common verification methods apply to them.
-
Automating Data Protection Across the Enterprise
This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure (DEI) that is not application specific. DEI encompasses the technology components and the application architecture that govern the protection of sensitive data within an enterprise.
-
Do we really need identity propagation in SOA and Clouds?
Identity propagation through Single Sign-On (SSO) has been assumed to be a panacea for all identity issues in SOA and Clouds. In this article, Michael Poulin raises questions around the business feasibility of propagation and proposes a delegate model of representation instead.
-
Don't SCIM over your Data Model
This opinion piece makes three specific suggestions for improving the SCIM data model:
1. Both the enterprise client and the cloud provider should map their internal IDs to a shared External ID, which is the only ID exposed through the API.
2. Multi-valued attributes of a resource must be converted from an array into a dictionary with unique keys.
3. Three ways to improve the PATCH command.
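The first two suggestions, worked through as an added Python example (not code from the opinion piece or from the SCIM specification): a multi-valued attribute is re-keyed from an array into a dictionary whose keys must be unique, and each party keeps a private table from its own internal ID to the shared External ID so that only the External ID crosses the API. The resource, the `IdMapper` class and all identifiers are constructed for illustration.

```python
# Added example (not code from the InfoQ opinion piece or from the SCIM
# specification): a SCIM-style User whose multi-valued "emails" attribute is
# re-keyed from an array into a dictionary with unique keys, plus a shared
# External ID table so each party's internal ID never crosses the API.
# All names and sample data below are constructed for illustration.
import uuid

# Constructed sample resource in the array form SCIM uses on the wire.
# "id" is this party's private internal identifier.
SAMPLE_USER = {
    "id": "emp-1001",
    "userName": "alice",
    "emails": [
        {"value": "alice@example.com", "type": "work", "primary": True},
        {"value": "alice@home.example", "type": "home"},
    ],
}


def multivalued_to_dict(values, key="value"):
    """Re-key a multi-valued attribute (list of sub-attribute dicts) into a
    dict keyed by the sub-attribute `key`. A repeated key is an error rather
    than a silent overwrite, so callers learn about a collision instead of
    losing an entry."""
    out = {}
    for item in values:
        k = item[key]  # KeyError if an entry has no such sub-attribute
        if k in out:
            raise ValueError(f"duplicate {key!r}: {k}")
        out[k] = {sub: v for sub, v in item.items() if sub != key}
    return out


def dict_to_multivalued(keyed, key="value"):
    """Inverse transform back to the array form; insertion order is kept."""
    return [{key: k, **subs} for k, subs in keyed.items()]


def is_well_keyed(values, key="value"):
    """True when every entry carries a unique `key`, i.e. the array can be
    represented as a dictionary without ambiguity."""
    try:
        multivalued_to_dict(values, key)
        return True
    except (KeyError, ValueError):
        return False


class IdMapper:
    """One party's private table from its internal ID to the shared External
    ID. The client and the provider each keep one; only External IDs appear
    in API payloads."""

    def __init__(self):
        self._to_ext = {}
        self._to_int = {}

    def register(self, internal_id, external_id=None):
        """Bind an internal ID to an External ID (minted here if the other
        party has not already chosen one)."""
        external_id = external_id or str(uuid.uuid4())
        if external_id in self._to_int or internal_id in self._to_ext:
            raise ValueError("identifier already mapped")
        self._to_ext[internal_id] = external_id
        self._to_int[external_id] = internal_id
        return external_id

    def to_external(self, internal_id):
        return self._to_ext[internal_id]

    def to_internal(self, external_id):
        return self._to_int[external_id]


def export_for_api(user, mapper, attr="emails"):
    """Shape a resource for the API boundary: drop the private internal "id",
    carry the shared External ID instead, and key the multi-valued attribute."""
    res = {k: v for k, v in user.items() if k != "id"}
    res["externalId"] = mapper.to_external(user["id"])
    res[attr] = multivalued_to_dict(user[attr])
    return res


if __name__ == "__main__":
    client, provider = IdMapper(), IdMapper()
    ext = client.register("emp-1001")        # client mints the shared ID
    provider.register("u-7f3a", ext)         # provider binds its own ID to it
    wire = export_for_api(SAMPLE_USER, client)
    print(wire["externalId"], wire["emails"]["alice@home.example"])
    print(provider.to_internal(wire["externalId"]))
```

Rejecting a duplicate key rather than overwriting is the point of the dictionary form: once entries are addressed by a stable key instead of an array position, a later update or removal names the entry it means, and a collision is detected before it reaches the store.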
-
Defending against Web Application Vulnerabilities
In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using techniques such as white-box analysis and black-box testing. They also cover secure coding practices based on a defense-in-depth approach with three lines of defense: input validation, hotspot protection, and output validation.
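The three lines of defense, as an added Python example that is not code from the article: a user lookup written once with no defenses and once with allowlist input validation, a parameterized query at the SQL hotspot, and HTML encoding of the output. The in-memory sqlite3 table, its rows (one of which is HTML markup that reached the store by some other path) and the probe inputs are constructed for the illustration.

```python
# Added example (not code from the article): the same user lookup written
# twice, first with none of the three lines of defense, then with all three.
# The database, its rows and the request inputs are constructed for this
# illustration; sqlite3 stands in for whatever store a real app would use.
import html
import re
import sqlite3


def make_db():
    """In-memory table with constructed rows, including one whose name is
    HTML markup that reached the store by some path other than this handler."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("<script>", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """No lines of defense: the request value is spliced into SQL, so the
    hotspot parses attacker data as code, and rows are reflected into HTML
    without encoding."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    rows = conn.execute(sql).fetchall()
    return "".join(f"<li>{n}: {r}</li>" for n, r in rows)


# Line 1: input validation. An allowlist for what a user name may look like;
# anything else is rejected at the trust boundary before it reaches a hotspot.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_name(name):
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return name


# Line 2: hotspot protection. The SQL hotspot takes the value as a bound
# parameter, so even input that slipped past line 1 cannot change the query.
def query_user(conn, name):
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Line 3: output validation. Every value is encoded for the HTML context it
# lands in, so stored data that was never validated on the way in is still
# rendered as text.
def render(rows):
    return "".join(f"<li>{html.escape(n)}: {html.escape(r)}</li>" for n, r in rows)


def handle_request(conn, name):
    """Hardened handler: returns (HTTP status, body) with all three lines."""
    try:
        valid = validate_name(name)
    except ValueError:
        return 400, "bad request"
    return 200, render(query_user(conn, valid))


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print(lookup_vulnerable(db, probe))   # every row leaks
    print(handle_request(db, probe))      # (400, 'bad request')
    print(handle_request(db, "alice"))
```

The layers are deliberately independent: the probe `' OR '1'='1` is stopped by line 1, but calling `query_user` with it directly still returns no rows because of line 2, and rendering the stored `<script>` row directly through `render` still yields encoded text because of line 3. Each line holds on its own when another is bypassed, which is what defense in depth buys.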
-
Standardizing the Cloud for Security
Orlando Scott-Cowley discusses security in the cloud and the need for industry standards to lower the barriers to entry while ensuring that customer data is safe.
-
A Distributed Access Control Architecture for Cloud Computing
Cloud computing’s multitenancy and virtualization features pose unique security and access control challenges. In this article, the authors discuss a distributed architecture based on principles from security management and software engineering to address those challenges.
-
Managing Security Requirements in Agile Projects
Managing security requirements from the early phases of software development is critical. Most security requirements fall under the scope of Non-Functional Requirements (NFRs). In this article, Rohit Sethi discusses how to map NFRs to feature-driven user stories and how to make security requirements more visible to stakeholders.
-
The Future of Authentication
In this IEEE roundtable discussion hosted by guest editors Richard Chow, Markus Jakobsson, and Jesus Molina, the panelists discuss current authentication approaches, how to authenticate users on mobile devices and the future direction of authentication.
-
Commitment – Writing a Graphic Novel explaining Real Options
Building on their work on Real Options, Chris Matts and Olav Maassen are writing a graphic novel to explain the concepts and share their knowledge in the area. They discussed the novel, the process of producing it and the crowdsourcing model of funding with Shane Hastie from InfoQ. A sample chapter is available for InfoQ readers to download.
-
Interview and Book Review: The CERT Oracle Secure Coding Standard for Java
"The CERT Oracle Secure Coding Standard for Java" covers the rules for secure coding with the Java programming language and its libraries, with the goal of helping Java developers eliminate insecure coding practices that can lead to vulnerable code. InfoQ spoke with the book's authors about how the security rules in the book compare to other secure coding frameworks.