Development

PGP and S/MIME Encrypted Email Vulnerable to Efail Attack

by Sergio De Simone on May 18, 2018

A group of German and Belgian researchers found that PGP and S/MIME are vulnerable to an attack that leaks the plaintext of encrypted emails. The Electronic Frontier Foundation confirmed the vulnerability and suggested using alternative means to exchange secure messages. Yet the vulnerability is not in PGP itself, according to GnuPG creator Werner Koch, who also said the EFF's comments were overblown.

Culture & Methods

Q&A with Laura Bell on Continuous Security at QCon London

by Laura Bell, Rafiq Gemmail on Mar 07, 2018

Q&A with Laura Bell at QCon London. We discuss her keynote, continuous security and her own professional security journey.

DevOps

Chef Enhances Cloud Security Automation in InSpec 2.0

by Helen Beal on Feb 27, 2018

Continuous automation vendor Chef has announced the availability of InSpec 2.0, a new version of Chef’s free open source tool that enables DevOps and cross-functional application, infrastructure and security teams to express security and compliance rules as code, and to assess and remediate compliance issues through the entire software delivery life cycle.

DevOps

NIST Publishes Guidelines on Application Container Security

by Hrishikesh Barua on Dec 04, 2017

The National Institute of Standards and Technology (NIST) published a bulletin on application container technology and its most notable security challenges. The report is a summary of two previous bulletins outlining vulnerability areas including image, registry, orchestrator, container, host OS, and hardware, and their countermeasures.

DevOps

Serverless Challenges in Hybrid Environments

by Manuel Pais on Nov 30, 2017

Sam Newman, independent consultant and author of the book "Building Microservices", talked at the Velocity conference in London on the challenges faced when hybrid systems rely on both serverless architectures and traditional infrastructure. In particular, Newman discussed how serverless changes our notion of resiliency and how the two paradigms clash at times of high load in the system.

Java

Java EE Security API (JSR-375) Approved

by Matt Raible on Sep 07, 2017

The Java EE Security API, JSR 375, was approved in early August. All members of the JCP Executive Committee voted “Yes”, with zero “No” votes. Intel Corp. did not vote on the JSR.

DevOps

Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

by Helen Beal on Jul 31, 2017

When organisations actively manage the quality of open source components in software applications, they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early, reducing their incidence in production).

Cloud

AWS Web Application Firewall: Bolt-on Security for Insecure Websites

by Elton Stoneman on Jul 28, 2017

AWS Web Application Firewall inspects traffic coming into your web application, looking for suspicious activity. It can pass good requests on to your application and block requests that match common attack vectors, such as SQL injection. WAF can add a layer of security to an existing application without changing the app.

.NET

Microsoft Previews Bug and Security Risk Detection on Windows and Linux

by Abel Avram on Jul 22, 2017

Microsoft has made available Project Springfield as an Azure service preview called Microsoft Security Risk Detection (MSRD) for detecting code bugs and security vulnerabilities in Windows and Linux applications.

DevOps

Sonatype Acquires Vor Security to Expand Nexus Open-Source Component Support

by Helen Beal on Jun 30, 2017

Sonatype announced the acquisition of Vor Security to extend their open-source component intelligence solutions’ coverage to include Ruby, PHP, CocoaPods, Swift, Golang, C, and C++.

AI, ML & Data Engineering

Apache Metron Graduates to Top-Level Project

by Dylan Raithel on May 18, 2017

Hortonworks and Apache announce the graduation of Metron, a real-time big data security platform, to a top-level project at the ASF.

Architecture & Design

Authentication Strategies in Microservices Systems

by Jan Stenberg on Dec 08, 2016

Software security is a complex problem, and it becomes even more complex with microservices, where each service has to deal with security, David Borsos explained at the recent Microservices Conference in London, during his presentation evaluating four end-user authentication options within microservice-based systems.

Architecture & Design

Microservices and Security

by Jan Stenberg on Nov 15, 2016

When it comes to application security, we often include it as an afterthought. We have learnt how to add testing to development workflows, but with security we often assume someone else will come and fix it later on, Sam Newman claimed in his keynote at this year’s Microservices Conference in London.

Java

Stormpath's Java SDK 1.0 Released

by Matt Raible on Aug 31, 2016

This week Stormpath released version 1.0 of their user management and authentication Java SDK. Stormpath generally provides APIs for implementing authentication, authorization and user management in web and mobile applications, including open source implementations, targeting a range of languages and frameworks.

JavaScript

Mozilla's Observatory Website Security Analysis Tool Available

by David Iffland on Aug 31, 2016

Mozilla has launched their website security analysis tool. Dubbed Observatory, the tool helps to spread information on best security practices to developers and sys admins in need of guidance.
