Security Content on InfoQ
-
Security for Managers
Mario Areias presents a different way of engaging security and, in doing so, makes the case that security can deliver value without necessarily being a blocker.
-
How Much Does It Cost to Attack You?
Jarrod Overson describes the cost vs value justification of an attack, how it shifts over time, and why it means that silver bullets just don’t exist.
-
Beyond Entitlements for Cloud-native
Chandra Guntur and Hong Liu show how they use Open Policy Agent with Spring Boot and HOCON to produce a responsibility management solution that scales to volume and performance needs.
-
Software Supply Chain Management with Grafeas and Kritis
Aysylu Greenberg discusses the goals for Grafeas and Kritis used to secure a company's software supply chain, and concludes with the details of current and future development.
-
Modern WAF Bypass Scripting Techniques for Autonomous Attacks
Johnny Xmas talks about some of the techniques people are using in automated attacks and some of the ways people circumvent website protection.
-
Making 'npm install' Safe
Kate Sills talks about some of the security issues with using NPM packages, and about Realms and SES (Secure ECMAScript) as possible solutions to NPM package security vulnerabilities.
-
A Continuation of Devops: Policy as Code
Gareth Rushgrove looks at examples of tools that move security controls into code and explores how policy as code can work at the team level.
-
Securing Services Using SSO
Shraya Ramani talks about BuzzFeed’s transition to microservices and their open-source, homegrown, centralized solution - SSO.
-
Speed the Right Way: Design and Security in Agile
Kevin Gilpin discusses the renewed focus of the software design process and code complexity in software security, describing how design review can be modernized to help improve application security.
-
What Lies between: the Challenges of Operationalizing Microservices
Colin Breck presents practical approaches to take microservices into production or increase the value provided by existing systems and also explores how to integrate microservices at scale.
-
A Journey into Intel’s SGX
Jessie Frazelle discusses Intel's SGX technology. Frazelle also gives an overview of computer architecture, detailing one hardware version, its flaws and changes to come in a future version.
-
Panel: Secure Isolation of Applications
Applications have been isolated by lots of different means and new methods are appearing. What is secure? Have Spectre and Meltdown changed the landscape? What should be used?