Security Content on InfoQ
-
Introduction to Compliance Driven Development (CDD) and Security Centric System Design
Dmitry Didovicher introduces CDD and discusses how they used Pivotal and Compliance Automation technologies to receive a certification to run PostgreSQL-As-A-Service.
-
How Performance Optimizations Shatter Security Boundaries
Moritz Lipp explains how the Meltdown and Spectre vulnerabilities exploit hardware optimizations to read otherwise inaccessible data processed on the computer.
-
Abstractions to Help Developers Write Good Crypto
Isaac Potoczny-Jones discusses the impact of programming abstractions on the correctness of cryptographic code, and shows why some cryptographic libraries succeed while others fail.
-
Guardians of the Galaxy: Architecting a Culture of Secure Software
Laura Bell talks about the challenges in the emerging space of security and how to work together to fix them.
-
Enable Authentication and Authorization with Azure Active Directory and Spring Security
Yawei Wang shows through a live coding session how to use Spring Security to enable Azure Active Directory authentication and authorization.
-
Spring Security 5: The Reactive Parts
Rob Winch demonstrates using the reactive support in Spring Security 5, starting with a simple application and incrementally securing it, showing how to architect security in a reactive application.
-
Securing Serverless by Breaking in
Guy Podjarny breaks into a vulnerable serverless application and exploits multiple weaknesses, helping better understand some of the mistakes people make, their implications, and how to avoid them.
-
Next Generation OAuth Support with Spring Security 5.0
Joe Grandja overviews OAuth 2.0 Login and walks through the necessary steps in setting up OAuth 2.0 Login using Google as the authentication provider.
-
You Build It, You Secure It
John Willis talks about how developers and operators can include security in all parts of the delivery pipeline, and implement security gates in the same way as they implement code test gates.
-
CredHub and Secure Credential Management
Peter Blum and Scott Frederick discuss using Pivotal’s CredHub to enhance security within Cloud Foundry and applications through secret management.
-
Towards Memory Safety in Intel SGX Enclave
Yu Ding discusses the Rust SGX SDK, which combines Intel SGX with Rust. Developers can easily write memory-safe SGX enclaves, intrinsically eliminating the possibility of being pwned.
-
Control Flow Integrity Using Hardware Counters
J. Butler and C. Pierce present a system for early detection and prevention of unknown exploits. Their system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity