Security Content on InfoQ
-
Cloud Security or: How I Learned to Stop Worrying and Love the Cloud
Cloud security, according to IDC (2010), is the main worry for companies. Alon Hazy and Jakob Illeborg Pagter look at the threat landscape, and examine secure cloud solutions today and in the future.
-
Getting Started With Spring Security 3.1
Rob Winch demos some of the new features in Spring Security 3.1: multiple http elements, stateless authentication mode for RESTful services, Debug Filter, CAS support for proxy tickets, JAAS, etc.
-
SpringOne 2GX Keynote: Next Generation Applications
Ben Alex, along with a SpringSource team, presents the future of mobile applications, authorization, data, and application architecture as seen by VMware.
-
Secure Distributed Programming on ECMAScript 5 + HTML5 Platforms
Mark S. Miller explains how to create secure applications in ECMAScript 5 and HTML5 by turning JavaScript into a distributed secure programming language.
-
Mobile App Privacy — You’re Doing It Wrong (and So Am I)
Graham Lee advises on how to create a user experience that properly deals with privacy and, in some respects, security issues in mobile applications.
-
Security vs. Security Architecture
Marc Stiegler presents popular but faulty security architectures in use (Independence Day Evil Alien Architecture, the Gilded Cage, and Gone Phishin') along with effective architectures emerging today.
-
Securing the Social Web by Moving Beyond Client-Server Security
Tyler Close considers that the old client-server security model is no longer viable and a new security web model is needed, presenting tools and techniques to secure the social web apps of today.
-
From E to EcmaScript and Back Again
Mark Miller on how E and Caja influenced the EcmaScript 5 standard so it can be a secure language, enabling the creation of safe mashups, and how Dr. SES enables secure distributed computing.
-
SOA Security in Practice
Nicolai M. Josuttis discusses various issues encountered when implementing SOA security: heterogeneity and debugging are problematic, the ESB plays an important role, and there are costs involved.
-
The Problem(s) with the Browser
Collin Jackson discusses ways to enforce browser session security against threats such as Cross-Site Request Forgery and various network attacks by using Local Storage and Strict Transport Security.
-
SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services
Jason Macy details the basic requirements for security testing and an SOA gateway, along with attack examples and countermeasures to protect against SQL Injection, DoS, XSD Mutation, and Identity-type attacks.
-
Enterprise SOA Security
Dirk Krafzig presents general aspects of implementing SOA security using a token and role-based approach rather than session and application-based access to resources, including organizational issues.