Security Content on InfoQ
-
Developer Secure Containers for the Cyberspace Battlefield
Chris Saunders and Jason Scanga discuss issues with container security in a multi-tenant setting, the need to encrypt communications with containers, and avoiding vulnerabilities introduced by developers.
-
OWASP Top 10 Vulnerabilities & ASP.NET
Bill Dinger goes over the 2017 OWASP Top 10 vulnerabilities and how they apply to ASP.NET, including a demo of each vulnerability, the risk it poses, how to detect the attack, and how to mitigate it.
-
The Most Secure Program Is One That Doesn’t Exist
Diane Hosfelt gives an overview of how Rust’s design gives security guarantees and discusses goals and visions for the future.
-
DevSecOps: Security at the Speed of DevOps
Larry Maccherone introduces the DevSecOps manifesto and provides a process model to accomplish the necessary mindset shift and achieve effective DevSecOps culture transformation.
-
Using CredHub for Kubernetes Deployments
Peter Blum and Eugene Kiselev discuss using CredHub to store sensitive data in Kubernetes clusters on PCF.
-
Securing OAuth 2.0 Resources in Spring Security 5
Josh Cummings and Joe Grandja take a look at two insecure applications (one a web application and the other a REST API) and integrate them both with an OAuth 2.0 Authorization Server.
-
Securing Pivotal Cloud Foundry by Regularly Rebuilding
Lance Rochelle discusses how rebuilding regularly affects the partnership between the PCF team and other teams within a highly regulated organization, real cost savings, and reducing risk.
-
Microservices Security Patterns & Protocols with Spring & PCF
Adib Saikali introduces the patterns and protocols used to secure microservices, covering JWT, JWA, JWS, JWE, JWK, OAuth2, and OpenID Connect, and demoing an application built using Spring & PCF.
-
Intel's Cloud-Native Transformation
Liel Chayoun and Roi Ezra discuss Intel’s transition to cloud-native and microservices.
-
Implementing PII Encryption with PDX Serialization
Gideon Low and Niranjan Sarvi describe an implementation of PII encryption for Geode applications via use of custom PDX Serialization.
-
Securing Microservices in Hybrid Cloud
Komes Subramaniam introduces T-Mobile’s Authentication and Authorization Process (TAAP), presenting how it works and what its benefits are.
-
Risk Profiling
Jaume Jornet talks about why eDreams ODIGEO does Risk Profiling for product teams, how to introduce Risk Profiling in organizations, and how it helps to move the company to the highest maturity levels.