Aaron Bedra talks about property-based testing, a BDD-inspired security framework, and how security teams should include developers and be part of the development lifecycle.
Gil Tene speaks to Alex Blewitt at QCon London 2016 on the upcoming support for hardware transactional memory in server-class Intel chips, and what it will mean for the JVM. Tene discusses what kinds of applications will benefit from speculative lock elision and increasing concurrency in the near future on multi-core server platforms.
Adam Wick talks about software security, research into formal methods and randomisation as well as documentation and types to help write secure software, HalVM and other Unikernels, DRM.
The Internet of Things is becoming a part of our lives right now - we are measuring health, we are connecting to our cars, we can open our front door while being half-way around the globe. And while we can benefit from all the sensors and actuators around us, there is also a big risk of losing control and data. Paul Fremantle shares some knowledge on potential threats and what we can do about them.
The Internet of Things is just around the corner and it will massively impact our lives. Most of the devices in our homes will become connected and collect data or react to certain events. Currently it is still uncertain how personal data can be protected and leveraged for crowd sourcing and swarm intelligence at the same time. Jacob is sharing the ideas that his company Yetu has to clarify this.
Todd Montgomery explains protocol design, the advantages of binary over text protocols, formal verification tools and methods, and much more.
Laurie and Catherine share a Planning Poker-type practice called Protection Poker that leverages a diversity of ideas, experience, and knowledge related to software security. Protection Poker provides a collaborative, interactive, and informal structure for abuse case development and threat modeling leading to a software security risk estimate and security risk reduction.
Tim Lister, co-author of Peopleware and Waltzing with Bears, among other books, talks about his experiences arbitrating disputes in systems development, the importance of risk management and how the IT industry is changing with distributed teams.
Robert Benefield explains the importance of business and operations understanding each other better and how they can kickstart that understanding through collaboration. He talks about the need to find meaningful metrics for business. He discusses how methodologies for operations (ITIL, COBIT) and development (Scrum, Kanban) differ and what can be learned from both.
Aaron Bedra talks about web security and issues that affect e-commerce and online payments services.
Tim Lister talks about his keynote at the Agile 2013 conference, reflecting on his 40 years in the software industry, the new release of the book Peopleware, risk management in software projects and how teams form.
The Content Security Policy specification is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Content Security Policy is a declarative policy that lets web developers inform the client about the sources from which the application expects to load resources.