Security Content on InfoQ
-
Mobile Malware: New Threat Requires New Response
Smart phones and mobile computers must deal with a new breed of security threat. Software countermeasures are available, but user awareness and user education are key elements of any protection scheme.
-
The Rugged Software Manifesto
Security is often either an oversight or an afterthought for most software projects. Most development teams would rather focus on getting more functionality on the table than spend time preventing a possible security breach. In order to help developers realize the importance of rugged software, Joshua Corman, David Rice and Jeff Williams founded the Rugged Software Manifesto.
-
Learning About Security Vulnerabilities by Hacking Google’s Jarlsberg
For those who have wondered what it is like to hack into another system, Google has created a special lab named Jarlsberg: a web application full of security holes, ready to be exploited by developers who want hands-on experience of what some of the possible vulnerabilities are, how malicious users exploit them, and what can be done to prevent such exploits.
-
CWE/SANS Top 25 Programming Errors
Common Weakness Enumeration (CWE), a strategic initiative sponsored by the U.S. Department of Homeland Security, has published the document 2010 CWE/SANS Top 25 Most Dangerous Programming Errors, a list of 25 code errors that lead, in the authors' opinion, to the worst software vulnerabilities.
-
Dealing with REST Services Security
With REST gaining popularity for SOA implementations, the issue of REST services security becomes more important each day. In their article "Why REST security doesn't exist", Chris Comerford and Pete Soderling discuss approaches to securing REST services.
-
U-Prove Offers Security while Protecting Privacy
Microsoft has open sourced U-Prove CTP, a cryptographic technology for performing authentication without disclosing personal information about the user. The CTP contains the U-Prove Cryptographic Specification V1.0, a C# and a Java reference implementation of the specification, extensions for WIF, AD FS 2 and CardSpace 2, plus a number of whitepapers explaining the technology.
-
Top 10 Web Software Application Security Risks
OWASP, an open and free organization focused on evaluating and improving software application security, has released the OWASP Top 10 Application Security Risks – 2010 RC1, a whitepaper documenting the top 10 web application security risks along with details on how threat agents can exploit these possible vulnerabilities, accompanied by examples and advice on what can be done to avoid them.
-
First Rails 3 Beta Released
The first beta of Rails 3 is available. Rails 3 is a major rewrite of the codebase bringing with it stable APIs and design decisions inspired by Merb, cleaner internals, performance improvements and much more. InfoQ takes a look at the changes in Rails 3, and on which Ruby implementations it runs.
-
Google Will Stop Supporting Older Browsers
Google has announced it will stop supporting older and less secure browsers such as IE6, Firefox 2.x, Chrome 3 and Safari 2, starting with Google Docs and the Google Sites editor from March 1st, 2010.
-
Silverlight 4’s COM+ Automation Raises Security and Portability Concerns
Silverlight 4 supports COM+ Automation when running as an Out-Of-Browser (OOB) application with elevated privileges. Microsoft indicated that this support is a result of enterprise customers requesting such a feature, offering as an example Office automation from Silverlight.
-
Adobe Apologizes for Long Lasting Flash Crash Bug
Emmy Huang, Product Manager for Adobe Flash Player, has apologized publicly for a Flash bug that causes browser crashes; although it was reported 17 months ago, no patch has yet been released for the production version of Flash Player.
-
5 Security Enhancements in Chrome
Google has added five security enhancements to Chrome in order to make browsing more secure: cross-document message posting, Strict Transport Security, the Origin header field, the X-Frame-Options header field, and a reflective XSS filter. Some of these features have already been implemented, or are about to be implemented, by other browsers.
-
The HTML 5 sandbox Attribute Improves iFrame Security
The Web Hypertext Application Technology Working Group (WHATWG) is working jointly with the W3C on developing the HTML 5 standard, which has been at "Last Call" at WHATWG for the last 3 months. During this time, one feature that has changed significantly is the sandbox attribute of the iframe element. The sandbox attribute can be used to isolate untrusted web page content and prevent it from performing certain operations.
-
Code Access Security Is No Longer Used in .NET 4 Beta 2
Starting with .NET Framework 1.0 Microsoft introduced Code Access Security (CAS), an instrument for assigning and controlling managed code's capabilities. .NET Framework 4.0 Beta 2 deprecates CAS, turning it off by default, and introduces Security Transparency Level 2.
-
Windows Domain to Amazon EC2 Single Sign-On Access Solutions
David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-On (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand the benefits and tradeoffs each one presents.