InfoQ Homepage Security Content on InfoQ
-
Securing Serverless by Breaking in
Guy Podjarny breaks into a vulnerable serverless application and exploits multiple weaknesses, helping better understand some of the mistakes people make, their implications, and how to avoid them.
/presentations/serverless-security-2017/en/mediumimage/Gubig-1520498809285.jpg)
-
Next Generation OAuth Support with Spring Security 5.0
Joe Grandja overviews OAuth 2.0 Login and walks through the necessary steps in setting up OAuth 2.0 Login using Google as the authentication provider.
/presentations/oauth-2-spring-security-google/en/mediumimage/Jobig-1517708690974.JPG)
-
You Build It, You Secure It
John Willis talks about how developers and operators can include security in all parts of the delivery pipeline, and implement security gates in the same way as they implement code test gates.
/presentations/code-security/en/mediumimage/Jobig-1516931389084.JPG)
-
CredHub and Secure Credential Management
Peter Blum and Scott Frederick discuss using Pivotal’s CredHum to enhance security within Cloud Foundry and applications through secret management.
/presentations/credhub/en/mediumimage/Petbig-1516580253607.JPG)
-
Towards Memory Safety in Intel SGX Enclave
Yu Ding discusses Rust SGX SDK which combines Intel SGX together with Rust. Developers could write memory-safe SGX enclave easily, eliminating the possibility of being pwned intrinsically.
/presentations/intel-sgx-enclave/en/mediumimage/Yubig-1514950355202.JPG)
-
Control Flow Integrity Using Hardware Counters
J. Butler and C. Pierce present a system for early detection and prevention of unknown exploits. Their system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity
/presentations/control-flow-integrity-counters/en/mediumimage/Doibig-1513384172140.JPG)
-
Architecting a Modern Financial Institution
Edward Wible and Rafael Ferreira discuss the key elements that make Nubank tick for millions of customers every day, and some key security decisions they made along the way.
/presentations/nubank-architecture/en/mediumimage/ArchitectingAModernFinancialInstitution-1517498409618.jpg)
-
From Threat Hunting to Crowd Defense
Richard Zhao talks about TI and AI in real practices, and crowd defense - a way to integrate defense measures against both targeted and untargeted attacks.
/presentations/ti-ai-crowd-defense/en/mediumimage/Ricbig-1513131782597.JPG)
-
Confusion in the Land of the Serverless
Sam Newman introduces serverless computing, discussing how security, resilience, patterns (circuit breaker), vendor lock-in, and microservices are addressed with this technology.
/presentations/serverless-issues/en/mediumimage/Sambig-1510513624219.JPG)
-
Cybercrime and the Developer: How to Start Defending against the Darker Side
Steve Poole discusses actions one can take (and some behaviors one must change) to create a more secure Java application for the cloud.
/presentations/java-security/en/mediumimage/Stebig-1510368672412.JPG)
-
Fighting Online Fraud and Abuse with Large-Scale Machine Learning at Sift Science
Jacob Burnim discusses Sift’s approach to building a ML system to detect fraud and abuse, including training models, handling imbalanced classes, sharing learning, measuring performance, etc..
/presentations/machine-learning-fraud-abuse/en/mediumimage/Jacbig-1509988681410.JPG)
-
Beyond OAuth2: End to End Microservice Security
Will Tran discusses enforcing microservices’ security policies with OAuth2.
/presentations/oauth2-microservices-security/en/mediumimage/Wilbig-1509331357437.JPG)