Microservices and Security

by Jan Stenberg on  Nov 15, 2016

When it comes to application security, we often include it as an afterthought. We have learnt how to add testing into development workflows, but with security we often assume someone else will come and fix it later on, Sam Newman claimed in his keynote at this year’s Microservices Conference in London.

Major Windows Vulnerability Disclosed by Google before Patch Available

by Sergio De Simone on  Nov 02, 2016

A major, currently exploited vulnerability in the Microsoft Windows kernel has recently been disclosed by Google’s Threat Analysis Group, before Microsoft made public a patch or any mitigation advice. Microsoft has stated a fully tested patch will be available in a week.

All Android Versions May Be Affected by Dirty COW Linux Vulnerability

by Sergio De Simone on  Oct 26, 2016

The recently disclosed Dirty COW Linux privilege escalation vulnerability is likely to affect all Android versions, say security researchers.

Angular 1.X Usage Banned in Firefox Extensions

by David Iffland on  Oct 24, 2016

A developer found out the hard way that they had built their Firefox browser extension on banned technology. Angular 1.X has been banned for use in Firefox extensions as long as a security vulnerability exists in the way Angular interacts with the extension and the displayed web page.

Box Introduces Four New Security and Governance APIs

by Margot Krouwer on  Oct 02, 2016

The content management company Box recently announced the arrival of four security and governance APIs. These APIs are aimed at helping companies handle legal, security, and compliance needs better.

Ethereum Security Alert Issued, Ethereum Foundation Responds with “From Shanghai, With Love”

by Kent Weare on  Sep 19, 2016

On September 18th, hours before the Ethereum Foundation devcon 2 conference was about to start, a DoS security alert was posted on the Ethereum blog. The alert was related to a vulnerability discovered on the Ethereum blockchain, in block 2283416, and was considered to have a high likelihood and severity.

Stormpath's Java SDK 1.0 Released

by Matt Raible on  Aug 31, 2016

This week Stormpath released version 1.0 of their user management and authentication Java SDK. Stormpath generally provides APIs for implementing authentication, authorization and user management in web and mobile applications, including open source implementations, targeting a range of languages and frameworks.

Mozilla's Observatory Website Security Analysis Tool Available

by David Iffland on  Aug 31, 2016

Mozilla has launched their website security analysis tool. Dubbed Observatory, the tool helps to spread information on best security practices to developers and sys admins in need of guidance.

Docker and High Security Microservices: A Summary of Aaron Grattafiori's DockerCon 2016 Talk

by Daniel Bryant on  Aug 14, 2016

At DockerCon 2016, held in Seattle, USA, Aaron Grattafiori presented “The Golden Ticket: Docker and High Security Microservices”. Core recommendations for running secure container-based microservices included enabling User Namespaces, configuring application-specific AppArmor or SELinux and seccomp whitelist, hardening the host system, restricting host access and considering network security.

.NET Framework 4.6.2 Delivers WPF and Security Improvements

by Jeff Martin on  Aug 05, 2016

The latest release of the .NET Framework provides several new features centered around WPF and security, including some long-awaited improvements to ClickOnce deployed applications. Microsoft released a preview of .NET Framework 4.6.2 back in late March and now developers can take advantage of the release’s new features in their own projects.

Modern iOS Application Security

by Sergio De Simone on  Aug 03, 2016

At QCon New York 2016, Trail of Bits CEO and security expert Dan Guido explained how to keep iOS apps secure. This includes correctly using all iOS security provisions, without forgetting that your app might be running on a jailbroken phone.

DevOps Survival in the Highly Regulated Financial Industry

by Manuel Pais on  Jul 31, 2016

Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.

Microsoft Launches Azure Information Protection for Documents

by Irwin Williams on  Jul 11, 2016

Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.

Applying Supply Chain Management to Deliver Faster with Higher Quality

by Ben Linders on  Jun 30, 2016

Supply chain management can raise the bar with continuous development, argues Joshua Corman, Director of the Cyber Statecraft Initiative and co-founder of Rugged Software. Our dependence on IT and software is growing faster than our ability to secure it, and applying supply chain approaches to software development helps to address complexity which reduces risks and increases quality.

GitLab 8.9 Adds File Locking, Hardware U2F Support

by David Iffland on  Jun 24, 2016

The release of GitLab 8.9 brings file locking, a refreshed UI, and hardware-based two-factor authentication. Teaming up with Yubico, developers can now use a hardware YubiKey to automatically authenticate a GitLab session without having to type in a 6-digit TOTP code. In addition, file locking will keep binary assets from getting destroyed during a merge.

InfoQ.com and all content copyright © 2006-2016 C4Media Inc.