InfoQ Homepage Security Content on InfoQ
-
Abstractions to Help Developers Write Good Crypto
Isaac Potoczny-Jones discusses the impact of programming abstractions on the correctness of cryptographic code, and shows why some cryptographic libraries succeed while others fail.
/presentations/abstractions-cryptography/en/mediumimage/Isabig-1523063877669.JPG)
-
Guardians of the Galaxy: Architecting a Culture of Secure Software
Laura Bell talks about the challenges in the emerging space of security and how to work together to fix them.
/presentations/security-architecture-culture/en/mediumimage/Labig-1522591216379.JPG)
-
Enable Authentication and Authorization with Azure Active Directory and Spring Security
Yawei Wang shows through a live coding session how to use Spring Security to enable Azure Active Directory authentication and authorization.
/presentations/authentication-azure-directory-spring-security/en/mediumimage/Yabig-1521853662146.JPG)
-
Spring Security 5: The Reactive Parts
Rob Winch demonstrates using the reactive support in Spring Security 5, starting with a simple application and incrementally securing it, showing how to architect security in a reactive application.
/presentations/spring-security-3-reactive/en/mediumimage/Robig-1521423263937.JPG)
-
Securing Serverless by Breaking in
Guy Podjarny breaks into a vulnerable serverless application and exploits multiple weaknesses, helping better understand some of the mistakes people make, their implications, and how to avoid them.
/presentations/serverless-security-2017/en/mediumimage/Gubig-1520498809285.jpg)
-
Next Generation OAuth Support with Spring Security 5.0
Joe Grandja overviews OAuth 2.0 Login and walks through the necessary steps in setting up OAuth 2.0 Login using Google as the authentication provider.
/presentations/oauth-2-spring-security-google/en/mediumimage/Jobig-1517708690974.JPG)
-
You Build It, You Secure It
John Willis talks about how developers and operators can include security in all parts of the delivery pipeline, and implement security gates in the same way as they implement code test gates.
/presentations/code-security/en/mediumimage/Jobig-1516931389084.JPG)
-
CredHub and Secure Credential Management
Peter Blum and Scott Frederick discuss using Pivotal’s CredHum to enhance security within Cloud Foundry and applications through secret management.
/presentations/credhub/en/mediumimage/Petbig-1516580253607.JPG)
-
Towards Memory Safety in Intel SGX Enclave
Yu Ding discusses Rust SGX SDK which combines Intel SGX together with Rust. Developers could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.
/presentations/intel-sgx-enclave/en/mediumimage/Yubig-1514950355202.JPG)
-
Control Flow Integrity Using Hardware Counters
J. Butler and C. Pierce present a system for early detection and prevention of unknown exploits. Their system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity
/presentations/control-flow-integrity-counters/en/mediumimage/Doibig-1513384172140.JPG)
-
Architecting a Modern Financial Institution
Edward Wible and Rafael Ferreira discuss the key elements that make Nubank tick for millions of customers every day, and some key security decisions they made along the way.
/presentations/nubank-architecture/en/mediumimage/ArchitectingAModernFinancialInstitution-1517498409618.jpg)
-
From Threat Hunting to Crowd Defense
Richard Zhao talks about TI and AI in real practices, and crowd defense - a way to integrate defense measures against both targeted and untargeted attacks.
/presentations/ti-ai-crowd-defense/en/mediumimage/Ricbig-1513131782597.JPG)