Application Security Content on InfoQ
-
Application Security Manager: Developer or Security Officer?
The Application Security Manager (ASM) should be the driving force of the overall code review process. An ASM should know development processes and information security principles, and have solid technical skills. To get a good ASM you can either use experts from a service provider or grow an in-house professional from developers or security specialists.
-
DevSecOps: the Key to Securing Your Supply Chain in a Multi-Cloud Threatscape
Recent supply chain attacks require businesses to re-evaluate their approach to DevOps, specifically as it relates to security. The DevSecOps focus on CI/CD platforms, testing and scanning across the SDLC, and minimizing manual efforts can not only improve security postures but also improve delivery of business value.
-
How Teams Can Overcome the Security Challenges of Agile Web App Development
Is the rapid pace of continuous rollouts making it too easy for your organization to cut corners when it comes to ensuring product source code is secure? You may need to reorient your team culture to adopt agile-friendly security processes. True collaboration between security and dev teams is the key to avoiding product vulnerabilities without compromising on your sprint cadence.
-
Application Level Encryption for Software Architects
Challenges of building application-level encryption for software architects.
-
Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies
The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty-year period. It provides insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.
-
Identity Mismanagement: Why the #1 Cloud Security Problem Is about to Get Worse
In this article, we'll look at why IAM is becoming such a huge challenge, explain why identity is the new currency, and then reveal some principles that can help you meet this challenge.
-
Five Reasons to Start Working in the Cloud
Whether self-hosted or managed, this article is going to cover five reasons why a cloud IDE may be precisely what you or your company needs to boost productivity to the next level.
-
What Is Account Creation Fraud? Complete Guide to Detection and Prevention
In this article, we'll take a look at the re-emergence of account creation fraud, and how this type of attack works. Then we'll turn our attention to the impact that this is already having on the way that companies secure their identity management systems, the effects of security measures like virtual private networks (VPN) and password managers, along with what the future will bring.
-
Book Review: A Leader's Guide to Cybersecurity
A Leader's Guide to Cybersecurity educates readers about how to prevent a crisis and/or take leadership when one occurs. With a focus on clear communication, the book provides details, examples, and guidance on mapping security against what a business actually does. The book describes ways to align security with the motivation of others who may be security-agnostic against their own goals.
-
Improving Security Practices in the Cloud Age: Q&A With Christopher Gerg
IT leaders say that security is a top priority. Surveys show that it’s easy to say, and hard to do. InfoQ spoke with Christopher Gerg, CISO at Gillware, about security practices in the cloud age.
-
NotPetya Retrospective
As we hit the second anniversary of NotPetya, this retrospective is based on the author’s personal involvement in the post-incident activities. In the immediate aftermath, it seemed like NotPetya could be the incident that would change the whole IT industry, but it wasn’t—pretty much all the lessons learned have been ignored.
-
Seven Steps for Improving Cloud Security with Business Integration
For business owners and information technology professionals, cloud computing has represented a significant advancement in terms of efficiency and supportability. But like with any major shift in the IT industry, the cloud brings a host of new security risks. Let’s take a look at the most common risks associated with integrating cloud-based business systems and how to manage them appropriately.