InfoQ Homepage Security Content on InfoQ
-
BLESS: Better Security and Ops for SSH Access
Bryan Payne talks about BLESS in general: what it is, how it works, and how we can start using it. He explores the Netflix BLESS production architecture and how other companies have used BLESS.
/presentations/bless-security-ops-ssh/en/mediumimage/Brybig.JPG)
-
Practical mTLS: Security without the Headaches
Ying Li discusses in detail the implementation challenges of Swarm, how her team at Docker greatly reduced the overhead necessary to manage an infrastructure that makes use of TLS certificates.
/presentations/tls-swarm-pki/en/mediumimage/Yinbig.JPG)
-
This Will Cut You: Go's Sharper Edges
Thomas Shadwell talks about how distinct, exploitable misuse patterns arise in software languages, and through examples in Go hopes to show the language's distinct security characteristics.
/presentations/go-security/en/mediumimage/Thobig.JPG)
-
Building Secure Player Experiences at Riot Games
David Rook talks about the Riot Games Application Security program. He focusses on the tech and social aspects of the program and why he feels both are important when it comes to writing secure code.
/presentations/security-riot-games/en/mediumimage/Davbig.JPG)
-
How to Backdoor Invulnerable Code
Josh Schwartz takes a look at the real tactics, with examples, used to compromise and backdoor seemingly secure products by exploiting the humans and systems that create them.
/presentations/backdoor-code/en/mediumimage/Joshbig.JPG)
-
Blockchain: The Oracle Problems
Paul Sztorc talks about why the oracle problem is so hard (the historical evolution of failures, why they fail), and the basics of blockchain ("blockchain as immortal software", ledger "rents").
/presentations/blockchain-oracle-problems/en/mediumimage/Paulbig.JPG)
-
Case Study: Alternate Blockchains
Jeremy Rand talks about Namecoin and Monero, the advantages to alternate blockchains, and risks of using chains that are not as secured or are merge mined.
/presentations/namecoin-monero/en/mediumimage/Jerbig.JPG)
-
Practical Blockchains: Building on Bitcoin
Peter Todd answers the questions: why use Bitcoin over other blockchains, what is safe, future proof ways to peg data to Bitcoin's blockchain and what is Bitcoin script, and how it can be used.
/presentations/blockchain-bitcoin/en/mediumimage/Petbig.JPG)
-
IoT, DDoS, and the DNS: Development Models for a Hostile Internet
Chris Baker overviews the IoT DDoS landscape, providing both a comprehensive mental model for IoT botnets, as well as sharing some insight into recent adaptations to network threat models.
/presentations/iot-ddos/en/mediumimage/Chrisbig.JPG)
-
Practical Cryptography & Blockchain Panel
The panel discusses the most important trends involving the blockchain today and fields questions from the audience. Topics covered: smart contracts, oracles, sidechains, and blockchains.
/presentations/cryptography-blockchain/en/mediumimage/Panelbig.jpg)
-
Building Reliability in an Unreliable World
Greg Murphy describes how GameSparks has designed their platform to be tolerant of many things: unreliable and slow internet connectivity, cloud resources that can fail without warning, and more.
/presentations/gamespark-reliability/en/mediumimage/Gregbig.JPG)
-
Assuring Crypto-code with Automated Reasoning
A.Tomb describes the capabilities of some open source tools that allow us to automatically determine whether a low-level cryptographic implementation matches a higher-level mathematical specification
/presentations/cryptography-reasoning/en/mediumimage/Aabig.JPG)