Security Content on InfoQ

  • Matt Tesauro on OWASP Web Testing Environment (WTE) Project

    The Web Testing Environment (WTE) project, part of the Open Web Application Security Project (OWASP), makes application security tools available to application developers and QA testers. InfoQ caught up with WTE project lead Matt Tesauro to learn more about the project's background, its current state, the tools it supports and its future road map.

  • Interview and Book Excerpt: Masoud Kalali’s GlassFish Security

    The book GlassFish Security, by Masoud Kalali, covers the Java EE security model and how to design and develop secure Web and EJB modules in Java EE applications and deploy them to the GlassFish server environment. InfoQ spoke with Masoud about the book and the new security features in the Java EE 6 release.

  • Bryan Sullivan on Security Development Lifecycle

    The Security Development Lifecycle (SDL), developed at Microsoft, is a security assurance process with a focus on software development. It introduces security and privacy aspects in all phases of the software development process. InfoQ spoke with Bryan Sullivan from the SDL team about the current state and future road map of the framework.

  • Authorizing Process Access and Execution with JBoss jBPM

    Centralized BPM deployments can greatly benefit from the ability to control access to process definitions and instances, ensuring that users can use and monitor only the set of processes that they are authorized for. In this article Boris Lublinsky shows how to extend JBoss jBPM to define and support process access authorization.

  • Wonderland Of SOA Governance

    Michael Poulin elaborates on the differences between governance and management and explores the 'wonderland' of governance in a service-oriented environment. He defines SOA Governance, explores the relationship between governance and enterprise architecture, and discusses accountability and ownership of governance efforts, and how practitioners can instrument SOA governance.

  • Enhanced Detection of Malware

    This article, from Intel, discusses significant new threats to host agents, outlines a generic architecture for malware detection based on enhanced cloud computing, describes how Intel platform technologies can be used to enhance computing solutions, and ends with a threat analysis of the approaches presented. The article's focus is malware that masks its presence from traditional security agents.

  • Encrypting the Internet

    The authors, from Intel, offer a three-pronged approach to providing secure transmission of high volume HTML traffic: new CPU instructions to accelerate cryptographic operations; a novel implementation of the RSA algorithm to accelerate public key encryption; and using SMT to balance web server and cryptographic operations. Their approach, they claim, leads to significant cost savings.

  • The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware

    Botnets are the latest scourge to hit the Internet. This article defines a botnet (a collection of distributed computers or systems that has been taken over by rogue software), examines the botnet life cycle, and presents several promising anti-botnet defense strategies including canary detectors, white lists, and malware traces.

  • The First Few Milliseconds of an HTTPS Connection

    What exactly happens when an HTTPS connection is established? This article analyzes the data exchanged between the browser and the server, down to the byte, in order to set up a secured connection.

  • Virtual Panel on Cloud Computing

    In this virtual panel, InfoQ asks leading cloud experts what benefits cloud computing brings and what constraints come with using it, whether a public or a private cloud is the better choice, whether cloud interoperability is needed, what the difference is between providing infrastructure and providing a platform, and how a client can enforce regulatory compliance.

  • The Economics of Service Orientation

    This article explores the structural economic changes brought about by service orientation. Most IT organizations today are under enormous financial pressure trying to keep rising costs and flat budgets in sync. The restructuring brought about by the concept of services and reuse at the service level promises long lasting relief from the cost treadmill.

  • Introduction to Virtual Service Oriented Grids

    This article discusses the combination of three ideas (virtualization, service-orientation, and grid computing) into a single concept and computing platform, "virtual service-oriented grids." In addition to history and definitions, the article addresses an approach, with an example, to analyzing and implementing this technology.
