Security Content on InfoQ
-
Securing the Social Web by Moving Beyond Client-Server Security
Tyler Close argues that the old client-server security model is no longer viable and that a new web security model is needed, presenting tools and techniques to secure the social web apps of today.
-
From E to EcmaScript and Back Again
Mark Miller on how E and Caja influenced the EcmaScript 5 standard so it can be a secure language, enabling the creation of safe mashups, and how Dr. SES enables secure distributed computing.
-
SOA Security in Practice
Nicolai M. Josuttis discusses various issues encountered when implementing SOA security: heterogeneity and debugging are problematic, the ESB plays an important role, and there are costs involved.
-
The Problem(s) with the Browser
Collin Jackson discusses ways to enforce browser session security against threats such as Cross-Site Request Forgery and various network attacks by using Local Storage and Strict Transport Security.
-
SOA Threat Modeling: Attacking and Defending REST, XML and SOAP-based Services
Jason Macy details the basic requirements for security testing and an SOA gateway, along with attack examples and countermeasures to protect against SQL injection, DoS, XSD mutation, and identity-type attacks.
-
Enterprise SOA Security
Dirk Krafzig presents general aspects of implementing SOA security using a token and role-based approach rather than session and application-based access to resources, including organizational issues.
-
Introduction to Spring Security 3/3.1
Mike Wiesner demos using Spring Security 3 with its new features, such as expression language-based authorization and extensions, to implement authentication and authorization in Java applications.
-
Architecting the Ultimate Control-Point-Advanced Cyber-Threat Mitigation
Blake Dournaee presents Intel’s Service Gateway, a security control point meant to secure .NET/Java-based web services, on-premise and in the cloud, from various security threats.
-
Does REST Need Middleware?
Bill Burke shows how to use REST to create interfaces to middleware services – messaging, transactions, workflow, security – in order to have RESTful enterprise SOA implementations.
-
Understanding SOA Security Patterns
Jason Hogg discusses web services security obtained through threat modeling based on security design patterns, and explains a number of such patterns related to processes, services and SOA security.
-
Risk, Lean Development & Profit: Getting Back to Basics
Robert N. Charette talks about how challenging assumptions leads to discovery and innovation, the relationship between risk and profit in Lean, and the need to master risk management.
-
SOA Governance: Where the Rubber Meets the Runtime
Harold van Aalst addresses SOA governance at runtime through a tool capable of discovering when rules or policies are broken, so that one can act in time to limit the potential damage.