Security Content on InfoQ
-
Critical REXML DoS Found - Monkey Patch Available as Fix
REXML was found to be vulnerable to XML entity expansion ("entity explosion") denial-of-service attacks. Because frameworks like Rails parse incoming XML with REXML, applications built on them are exposed on all current Ruby 1.8.6, 1.8.7 and 1.9 versions, and on any other Ruby version using the standard REXML library. The fix at the moment is a monkey patch for the REXML library.
-
.NET 3.5 SP1 Runs Managed Applications From Network Shares
Microsoft has released .NET Framework 3.5 SP1, which includes a security change from previous versions that allows managed applications to be run from network shares.
-
Security Vulnerabilities in Safe Level, WEBrick, Dl, DNS lookup
A few security vulnerabilities were discovered in Ruby 1.8.5 to 1.8.7 and 1.9.x: safe levels can be bypassed, WEBrick has a DoS vulnerability in a particular regular expression, the shared library API dl does not check taintedness, and resolv.rb is susceptible to DNS spoofing.
-
Improving Web Service Security: Guidance for WCF
Microsoft's patterns and practices group has released a WCF Security Guide. The 689-page compendium offers a general introduction to Web Service security fundamentals as well as in-depth coverage of several security threats and the appropriate countermeasures.
-
Presentation: Secure Programming with Static Analysis
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe across an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities. In this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
-
Presentation: Operational Scalability in the Next Generation Web World
In this presentation filmed during JAOO 2007, Wayne Fenton, Director of Architecture at eBay Inc., talks about the ways in which software architects can design systems for much-improved efficiency and reliability from an operational perspective.
-
Microsoft announces release of “Zermatt” Identity Framework
Microsoft released a beta of "Zermatt", an identity framework for developers using the .NET Framework. The framework helps developers build claims-aware applications that address application security requirements using a simplified application access model.
-
Security Advisory Issued for Spring MVC
A security advisory was issued today regarding two potential issues that may affect applications implemented using Spring MVC, both of which deal with the server-side processing of client-side parameters. InfoQ analyzed the issue in detail and spoke with Ounce Labs, which identified these issues.
-
Google Releases Open Source Web Application Security Assessment Tool
Google has announced the open source release of "ratproxy", a passive web application security assessment tool.
-
Presentation: Security (CAS and OpenID) with Ruby
In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).
-
Excelsior JET 6.4: Smaller, Faster, More Secure Java
Since the beginning of time, Java applications have been battered with complaints about startup time, memory footprint, performance and security. Recently Sun started to address some of these issues by introducing the Consumer JRE. Excelsior JET, however, is a product that provides its own spin on solving these problems.
-
Ruby interpreter vulnerabilities
A few vulnerabilities were found in Ruby 1.8.x and 1.9.x that could potentially allow DoS attacks or allow attackers to execute arbitrary code. Patched versions of Ruby are already available.
-
OAuth Gaining Momentum
OAuth, an open standard for access delegation, is gaining momentum with a number of implementations including one for Spring Security.
-
SpringSource's Ben Alex Details Emerging Standards in Application Security
At the JavaOne 2008 conference, Ben Alex from SpringSource talked about emerging security requirements in enterprise applications. He discussed standards such as Servlet Security, JAAS, CAPTCHA, Single Sign-On and Federated Identity using OpenID technology. The presentation also covered the standards for securing web services (WS-Security), JMS messaging and ESBs.
-
Architecture of a $7 Billion Loss: Causes and Remedies
PwC just released a report detailing the mechanisms that enabled a trader to mask a $75 B position. He was able to manipulate the state of a system by entering fake "technical" transactions intended for simulations, even though their amount was unusual, his role was not authorized to enter them, and they were never later offset. PwC also provided recommendations for fixing the systems and processes.