InfoQ Homepage Security Content on InfoQ
-
Adding Security to Testing to Enable Continuous Security Testing
Teams can be trained by security experts to become able to identify areas to add security testing in the test process and add security checks as part of functional test automation. This can lead to continuous security testing where security defects can be spotted at an early stage with higher security testing coverage in every release.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
New Exploit Breaks Current Spectre Defenses; Fixes Hard without Performance Impact
Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.
-
.NET News Roundup - Week of May 3rd, 2021
This past week was marked by a new Visual Studio Code release and Pure Virtual C++, a virtual event hosted by Microsoft. InfoQ examined this and a number of smaller stories in the .NET ecosystem from the week of May 3rd, 2021.
-
GitHub Reacts to Growing Cryptocurrency Mining Attacks Using GitHub Actions
In response to the recent surge in cryptocurrency mining attacks, GitHub has changed how pull requests from public forks are handled in GitHub Actions to prevent abuse.
-
CNCF Publishes Latest Technology Radar Focused on Secrets Management
CNCF published the fourth edition of the end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies to manage digital authentication. The purpose of this edition is to share what tools are used by end-users, the tools they recommend, and any patterns that emerged.
-
HashiCorp Boundary: Remote Access Management Service Adds OIDC Support
HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.
-
Post-Quantum Cryptography: Q&A with Jean-Philippe Aumasson
While quantum computing is still in its infancy, post-quantum cryptography is a field of growing interest for companies and research institutions. InfoQ has spoken with cryptography researcher Jean-Philippe Aumasson to understand where post-quantum crypto is headed.
-
Infosec Teams Expand Use of Security Tools to Address Cloud Complexity, Survey Finds
The Cloud Security Alliance (CSA), a non-profit organization, recently published its findings on the state of cloud security practices which shows accelerating cloud adoption, but a need for more sophisticated security approaches.
-
OpenJDK Proposes SecurityManager Deprecation
The OpenJDK project has proposed JEP-411 as a means of deprecating the SecurityManager. If accepted, this would be the first step in a multi-year process in which the OpenJDK Quality Outreach Campaign can guide affected projects towards alternatives before anything is removed.
-
Infrastructure Vulnerability Scanner Checkov Adds Context Aware Assessments
Bridgecrew has announced the first 2.x version of Checkov. Checkov is an open-source scanner for infrastructure as code (IaC). The 2.0 release includes a re-architected backend that is now graph-based allowing for better processing of multi-resource queries. There has also been an increase in coverage with the addition of nearly 250 new policies.
-
Netflix Open Sources ConsoleMe to Manage Permissions and Access on AWS
Netflix has recently open-sourced ConsoleMe, a AWS multi-account management service, and its CLI utility, Weep. The tools provide a central control plane for permissions management across all of AWS accounts of an organization and help to implement the principle of least privilege.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
-
HashiCorp Announces the General Availability of HCP Vault on AWS
Recently, HashiCorp announced the general availability of their fully-managed Vault service for AWS environments on the HashiCorp Cloud Platform (HCP). With Vault, customers can leverage a SaaS service with secret management and encryption capabilities.
-
AWS and Cloudflare Add Bot Management Features to Their Firewalls
Both AWS and Cloudflare have released new bot mitigation features into their respective firewall products. Both releases provide additional features for filtering out unwanted bot traffic from reaching the application.
CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR
File Download with Servlets, JSF, and JAX-RX
How to Develop Applications with Minimal Security Risks
How to Secure JAX-RS Endpoints of a Stateless Application
Why Migrate to the Payara Platform?
Fix GlassFish Problems
Detailed Review of JDK Implementations
Develop Resilient Applications with Event-Driven Microservices
Beginners Overview Guide to Java Runtimes
