Security Vulnerabilities Content on InfoQ
-
Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution
This article delves into the importance of integrating Software Composition Analysis (SCA) in CI/CD pipelines for security. It highlights the need for human oversight to accurately assess vulnerability impact and cautions against "alert fatigue." The article also recommends specialized tools for effective vulnerability management.
-
Strategies for Assessing and Prioritizing Security Risks Such as Log4j
The evolving threat landscape requires a comprehensive approach to mitigation. An effective strategy is built on visibility, assessing vulnerabilities in context, effective use of filtering technologies, and monitoring for evidence of intrusion.
-
How to Harden Applications against IIoT Security Threats
This article explores two sides of the IIoT security equation: understanding how and why IIoT systems become vulnerable to attack, and which solutions and strategies are available to harden them. It also provides a set of best practices for addressing IIoT security concerns.
-
Virtual Panel: DevSecOps and Shifting Security Left
Recent attacks on SolarWinds, Colonial Pipeline, and others have shown that development environments are increasingly on the radar of malicious actors. A virtual panel on the value of shifting security left, how to take responsibility for it, and the time-to-market pitfalls.
-
Q&A on the Book Cybersecurity Threats, Malware Trends and Strategies
The book Cybersecurity Threats, Malware Trends and Strategies by Tim Rains provides an overview of the threat landscape over a twenty-year period. It offers insights and solutions that can be used to develop an effective cybersecurity strategy and improve vulnerability management.
-
Three Major Cybersecurity Pain Points to Address for Improved Threat Defense
Three pain points every company must tackle in cybersecurity are threat volume and complexity, a growing cybersecurity skills gap, and the need for threat prioritization. This article describes each of these in some detail and includes recommendations for how organizations can deal with them.
-
Q&A on the Book Real-World Bug Hunting
The book Real-World Bug Hunting by Peter Yaworski is a field guide to finding software vulnerabilities. It explains what ethical hacking is, explores common vulnerability types, explains how to find them, and provides suggestions for reporting bugs while getting paid for doing so.
-
How to Deal with Open Source Vulnerabilities
Despite the shockwaves following the Equifax breach in September 2017, the industry still has a long way to go in protecting its products. A key area to focus on is the open source components that make up 60-80% of the code base in modern applications. Learn how to detect vulnerable open source components and keep your products secure.
-
A 4-Step Guide to Building Continuous Security into Container Deployment
Containers face security risks at every stage, from building to shipping to the run-time production phases. Securing them requires a layered strategy throughout the stack and the deployment process.
-
Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats
In this article, the authors discuss security vulnerabilities in software applications and how a whitelisting approach has advantages over blacklisting. They also cover how to implement whitelisting security policies and the cost involved in doing so.
-
Employing Enterprise Architecture for Applications Assurance
In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate software security controls. They also cover other security model components such as threat modeling, attack trees, secure design patterns, and misuse cases.
-
How Well Do You Know Your Personae Non Gratae?
In this article, the author discusses three techniques for defending against malicious users in software systems: creating personas to think strategically about the mischief a malicious user might attempt, misuse cases to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.