InfoQ Homepage Security Vulnerabilities Content on InfoQ
-
Keeping Your Secrets
Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.
-
Application Security Testing: The Double-sided Black Box
In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.
-
Defending against Web Application Vulnerabilities
In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.
-
Comparison of Intrusion Tolerant System Architectures
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability. For the ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.
-
Virtual Panel: Security Considerations in Accessing NoSQL Databases
NoSQL databases offer alternative data storage options for storing unstructured data compared to traditional relational databases. Though the NoSQL databases have been getting a lot of attention lately, the security aspects of storing and accessing NoSQL data haven't been given much emphasis. This article focuses on the security considerations and best practices in accessing the NoSQL databases.
-
Resilient Security Architecture
In this IEEE article, author John Diamant talks about how to improve security quality of software applications using a proactive approach with techniques like Security requirements gap analysis and Architectural threat analysis in the early phases of software development life cycle.
-
Enhanced Detection of Malware
This article, from Intel, discusses significant new threats to host agents, outlines a generic architecture for malware detection, based on enhanced cloud computing, describes how Intel platform technologies can be used to enhance computing solutions, and ends with a threat analysis of the approaches presented. Malware that masks its presence from traditional security agents is the article focus.
-
The Dark Cloud: Understanding and Defending against Botnets and Stealthy Malware
Botnets are the latest scourge to hit the Internet and this article defines a botnet (a collection of distributed computers or systems that has been taken over by rogue software), examines the botnet life cycle, and presents several promising anti-botnet defense strategies including canary detectors, white lists, and malware traces.