InfoQ Homepage Security Content on InfoQ
-
Authorization at Netflix Scale
Travis Nelson discusses Netflix’s approach to scaling and shares techniques for distributed caching and isolating failure domains.
-
Making Sense of Application Security
Adib Saikali provides a roadmap for application developers and architects to master application security, identifying the security skills needed as an application developer.
-
Cloud-Native Application Security: Your Attack Surface Just Got Bigger
Brian Vermeer shows common threats, vulnerabilities, and misconfiguration including the recently disclosed issues in Log4j, including actionable remediation and best practices.
-
Panel: Secure Systems
The panelists discuss the security for the software supply chain and software security risk measurement.
-
One Ring -3 to Secure Them All: Computing with Hardware Enclaves
Aaron Bedra explores the most widely available options and their usage in IoT and cloud, discussing design trade-offs, security, and performance.
-
Application-Layer Encryption Basics for Developers
Isaac Potoczny-Jones covers the basics of encryption, what are application-layer and infrastructure-layer encryption, when to use asymmetric and symmetric keys, and how to do key management.
-
Cloud DevSecOps in Practice: People, Processes and Tools
The panelists discuss how to get the right security, DevOps, and cloud engineering stakeholders together to build a realistic DevSecOps strategy.
-
Pivoting and Exploitation in a Docker Environment
Filipi Pires discusses different ways that exist in working with a single form of pivot and how to overcome different obstacles in different networks within this “new” environment called Docker.
-
Depending on Whether I Had Coffee or Not, Your Application May Be High Risk
Shannon Morrison and Scott Behrens discuss how to perform application risk analysis at scale.
-
Container Security and Observability in Kubernetes Environments
The panelists discuss how to take care of the security and monitoring of Kubernetes.
-
Securing the Development & Supply Chain of Open Source Software (OSS)
David Wheeler discusses how OSS is developed & distributed as a supply chain (SC) model, how OSS developers can develop & distribute secure OSS today, and how potential users can select secure OSS.
-
Resilience in Supply Chain Security
Dan Lorenc goes over real-world threats facing open source supply-chains today, and what can be done to architect resilient build and delivery pipelines.