InfoQ Homepage Security Content on InfoQ
-
Box Introduces Four New Security and Governance APIs
The content management company Box recently announced the arrival of four security and governance APIs. These APIs are aimed at helping companies handle legal, security, and compliance needs better.
-
Ethereum Security Alert Issued, Ethereum Foundation Responds with “From Shanghai, With Love”
On September 18th, hours before the Ethereum Foundation devcon 2 conference was about to start, a DOS security alert was posted on the Ethereum blog. The alert was related to a vulnerability discovered on the Ethereum blockchain, in block 2283416, and was considered to have a high likelihood and severity.
-
Stormpath's Java SDK 1.0 Released
This week Stormpath released version 1.0 of their user management and authentication Java SDK. Stormpath generally provides APIs for implementing authentication, authorization and user management in web and mobile applications, including open source implementations, targeting a range of languages and frameworks.
-
Mozilla's Observatory Website Security Analysis Tool Available
Mozilla has launched their website security analysis tool. Dubbed Observatory, the tool helps to spread information on best security practices to developers and sys admins in need of guidance.
-
Docker and High Security Microservices: A Summary of Aaron Grattafiori's DockerCon 2016 Talk
At DockerCon 2016, held in Seattle, USA, Aaron Grattafiori presented “The Golden Ticket: Docker and High Security Microservices”. Core recommendations for running secure container-based microservices included enabling User Namespaces, configuring application-specific AppArmor or SELinux and seccomp whitelist, hardening the host system, restricting host access and considering network security.
-
Modern iOS Application Security
At QCon New York 2016, Trail of Bits CEO and security expert Dan Guido explained how to keep iOS apps secure. This includes correctly using all iOS security provisions, without forgetting that your app might be running on a jailbroken phone.
-
DevOps Survival in the Highly Regulated Financial Industry
Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.
-
Microsoft Launches Azure Information Protection for Documents
Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.
-
Applying Supply Chain Management to Deliver Faster with Higher Quality
Supply chain management can raise the bar with continuous development, argues Joshua Corman, Director of the Cyber Statecraft Initiative and co-founder of Rugged Software. Our dependence on IT and software is growing faster than our ability to secure it, and applying supply chain approaches to software development helps to address complexity which reduces risks and increases quality.
-
Dan Guido: Modern iOS Application Security
As mobile applications increase in popularity and as more transactions are carried out via mobile devices, security is a topic of growing concern. In his talk "Modern iOS Application Security" at QCon New York 2016, Dan Guido takes a closer look at iOS security. While Apple already provides the means to create highly secured applications, there are still threads that may render them useless.
-
Java Champions Receive Free IntelliJ IDEA Licenses
Being a Java Champion has its perks, and thanks to the generosity of JetBrains, a free license for IntelliJ IDEA is now one of them. The Champions are the latest in the list of groups earning this special JetBrains premium, which also includes approved open source projects, students, and teachers.
-
Docker Security Scanning
Docker Inc have announced general availability of Docker Security Scanning, which was previously known as Project Nautilus. The release comes alongside an update to the CIS Docker Security Benchmark to bring it in line with Docker 1.11.0, and an updated Docker Bench tool for checking that host and daemon configuration match security benchmark recommendations.
-
DevOps Days for the Enterprise
Last week saw the first DevOps Days conference catering specifically to the enterprise world, in London. Talks ranged from re-thinking (traditional) management processes in a technology-disrupted world to facts and drivers of DevOps adoption by early adopters. The idea of bi-modal IT was also discussed throughout the conference, as well as need for better security and opinionated platforms.
-
Lessons Learned at the O’Reilly Software Architecture Conference: Day One
This article presents a review of the first day at the O'Reilly Software Architecture conference, held in New York City 12-13th April. Sessions summarised include, ‘blah, blah... microservices...blah, blah’, ‘the evolution of evolutionary architecture’, ‘Death Star Security’, ‘Twelve Patterns for Hypermedia Architecture’, ‘Architecture Without an End State’ and 'Leading Simplicity'.
-
.NET 4.6.2 Preview Brings Security and WPF Features
While most of the attention is on .NET Core, work continues on the original .NET Framework. Recently released as a preview, version 4.6.2 is primarily focused on security and WinForms/WPF related features.