Security Content on InfoQ

  • Article: Service Firewall Pattern

    InfoQ publishes a sample pattern from Arnon Rotem-Gal-Oz's in-progress book SOA Patterns. Arnon explains how to use a Service Firewall to intercept messages to provide better security.

  • Not-Yet-Commons-SSL Provides Powerful (and Free) SSL Capabilities

    Not-Yet-Commons-SSL is an Apache licensed Java library designed to simplify the use of SSL by providing an easy-to-use API along with robust support for a variety of certificate formats and configuration options.

  • HDIV Struts Security Extension Addresses OWASP's Top Security Vulnerabilities

    The HDIV project recently released version 1.1 of their Apache-licensed Struts Security extension. Among HDIV's features is that it guarantees integrity (no data modification) of non-editable page data when transmitted from the browser to the server.

  • Deny Execute on Assembly Doesn't

    According to Microsoft's SQL Programmability & API Development Team Blog, the Execute permission for CLR assemblies actually has no effect. To reduce confusion over this, the ability to grant execute permissions to assemblies has been removed from SQL Server 2005 SP 2.

  • WCF Security Analysis Available from the German Federal Office for Information Security

    The German Federal Office for Information Security (BSI) has released their security analysis for Windows Communication Foundation along with a reference implementation.

  • How .NET Handles Standards Compliance that Result in Breaking Changes

    Two security classes in .NET, HMACSHA512 and HMACSHA384, have a bug. It isn't an earth-shattering bug, but it does produce results that are inconsistent with the standard. The .NET Security team shows how this will be handled so that current applications won't break when the code gets fixed.

  • SOA: Beyond the Hype and SDL

    InfoQ sits down with Mohammad Akif, a Microsoft Architect Evangelist, to discuss the myths of SOA, common pitfalls in designing for SOA, J2EE and .NET interoperability and injecting the Security Development Lifecycle into enterprise development lifecycles.

  • Presentation: Security Assertion Markup Language

    SAML has emerged as the gold standard for building Cross-Domain SSO solutions and is a key technology in the domain of federated identity management. This presentation from Javapolis presents the basic concepts of SAML including assertions, attributes, artifacts, bindings and profiles, the problems SAML solves, and how it works in real life.

  • RubySSPI is Big News for Ruby Developers on Windows

    Are you behind an ISA proxy that authenticates all traffic? This library enables your Ruby scripts to authenticate with the proxy as the current user seamlessly. After a few simple steps, you should be able to successfully install things like Ruby on Rails by simply typing gem install rails, exactly as non-Windows users do.

  • Using Native Platform Security in Java 6

    Java 6 will enhance the ability to leverage the native security features of the underlying deployment platform. Included in Java 6 is the ability to access the Microsoft CryptoAPI, PKCS#11 services, use the native GSS-API implementation, and import and export PKCS#12 Keystores.

  • Study Shows That 11% of Sites Are Vulnerable to SQL Injection Attacks

    In an informal study, Michael Sutton of SPI Dynamics was able to demonstrate that 80 out of 708 tested web sites were susceptible to SQL injection attacks.

  • IBM Buys Internet Security Systems

    Continuing the acquisition rampage, IBM acquires Internet Security Systems for 1.3 Billion in cash. In the past weeks, IBM has acquired Webify, Filenet and MRO systems. What does this acquisition rampage suggest?

  • Collaboration Tools Free - But Vulnerable

    For the classic XP team, developers and their customer all work daily in the same room. But other methodologies are less stringent, and even XP teams sometimes need to find compromises. Enter collaborative technologies - where they are allowed. But take note: Bit9, Inc. has compiled a list of the top applications with known security vulnerabilities, including Skype and 4 messenger programs.

  • Security and Reliability Techniques Revealed for Agile Teams

    Agile methods such as Extreme Programming (XP) and Agile Unified Process (AUP) do not explicitly address security and reliability, yet these are issues which are often critical to your success. It is possible to address these issues, and more, on software development teams while still remaining agile.

  • Are XML Gateways Really the Answer?

    Andrew S. Townley explains the concepts behind XML gateways and takes a look at how they might be applied to address security issues in a large-scale SOA environment.