Security Content on InfoQ

  • Continuous Security Testing With Gauntlt

    James Wickett, of the Gauntlt core team, gave a tutorial at Velocity Conf London on integrating security testing into the continuous integration cycle for early feedback on an application's security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

  • Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

    Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

  • Applying Security by Design with the CMMI for Development

    To enable development of secure products, processes covering the software development life cycle have to include security activities. Winfried Russwurm from Siemens and Peter Panholzer from Limes Security facilitated a workshop at the SEPG Europe 2013 conference where they explored security activities and presented the Application Guide for Improving Processes for Secure Products.

  • Apigee Now Supports Node.js and Open Sources Volos

    Apigee Edge now supports Node.js and has open sourced Volos, a project containing a set of API management modules.

  • Oracle Releases 51 Security Fixes for Java

    Last week, Oracle released a Critical Patch Update, which included 127 new security fixes for the Oracle ecosystem of products, including Java SE, amongst others. There were 51 critical security fixes for Java, which affect both client and server deployments.

  • A Look Back at the Linux Kernel Backdoor

    With all of the recent concern over the US government’s National Security Agency (NSA), some of the attention has turned to the possibility of backdoors. Back in 2003 someone attempted to insert a backdoor into the Linux kernel. Though caught, it illustrates how seemingly innocuous changes can introduce vulnerabilities and the importance of traceability in source control.

  • Securing Docker and Containers

    Jérôme Petazzoni, senior engineer at dotCloud, examined the progress of Docker security compared with other virtualization and container-like technologies in his recent blog post "CONTAINERS & DOCKER: HOW SECURE ARE THEY?". Jérôme makes a case for the techniques that secure Docker, while acknowledging that improvements are needed.

  • Improved Authentication with Filters in ASP.NET MVC 5

    Visual Studio 2013 Developer Preview ships with ASP.NET MVC 5, which enables developers to apply authentication filters that provide the ability to authenticate users using various third-party vendors or a custom authentication provider. Eric Vogel recently demonstrated their use with a source code example.

  • Tune Up Your Online Privacy with Clef

    Clef is like a retina scan for your smart phone, which gives a whole new meaning to Retina Display. You can use Clef as an OpenID to log in from your smart phone only once and access many different web sites when online, rather than typing in your user ID and password for each web site.

  • S is for Security

    Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing the scope of security audits to relevant system components only, or allowing security fixes to jump the queue of changes to production.

  • Oracle to Change the Release Numbering for Java SE

    "To avoid the confusion caused by renumbering releases", Oracle has announced that it is adopting a new numbering scheme for JDK 5.0, JDK 6 and JDK 7. "The next Limited Update for JDK 7 will be numbered 7u40, and the next 3 CPUs after that will be numbered 7u45, 7u51, and 7u55."

  • Java Still Vulnerable, Despite Latest Patches

    Just days after the latest fix, security researcher Adam Gowdiak has found another Java vulnerability. In addition, in the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 has also begun circulating in the wild.

  • Layer 7 to be Merged with SiteMinder

    Layer 7 Technologies has just been acquired by CA Technologies for the purpose of augmenting CA SiteMinder with Layer 7’s API Management & Security Suite. Layer 7 specializes in adding “access, security, SLA and management features” to existing service APIs.

  • MongoDB Gets Better Security, Text Search, Performance Improvements – What’s Next?

    MongoDB 2.4 was recently released with new features such as Text Search, hash-based sharding, better geo-spatial capabilities with GeoJSON support and several performance and tooling improvements. We also discussed with 10gen what’s next on the roadmap.

  • Security Enhancements in Android 4.2.2

    Android 4.2.2 includes security enhancements such as application verification, Always-on VPN, certificate pinning and installd hardening, along with a few other security fixes.
