Security Content on InfoQ
-
How to work with Your Auditors to Influence a Better Audit Experience
It is possible to influence a better audit experience, transforming it from a check-the-box exercise of little perceived value into one that genuinely helps set you up for success, with far less pain. This article explores how to experiment with adding agility to audit work while auditing a client, which can lead to better outcomes for you and your auditors.
-
Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution
This article delves into the importance of integrating Software Composition Analysis (SCA) in CI/CD pipelines for security. It highlights the need for human oversight to accurately assess vulnerability impact and cautions against "alert fatigue." The article also recommends specialized tools for effective vulnerability management.
-
Debugging Production: eBPF Chaos
This article shares insights into learning eBPF as a new cloud-native technology that aims to improve observability and security workflows. You’ll learn how chaos engineering can help, and get an insight into eBPF-based observability and security use cases. Breaking them in a professional way also inspires new ideas for chaos engineering itself.
-
Learning eBPF for Better Observability
This article shares insights into learning eBPF as a new cloud-native technology that aims to improve observability and security workflows. Learn how to practice using the tools, and dive into your own development. Iterate on your knowledge step by step, and follow up with more advanced use cases later.
-
When DevOps Meets Security to Protect Software
Security can no longer be an afterthought in the software development process. Collaboration between security and development needs to happen early to be effective.
-
Accelerating the Secure Software Delivery Lifecycle with GitOps
Building secure software can be complicated and time-consuming. By employing a GitOps model, security can be safely separated from development, simplifying the delivery process and increasing velocity.
-
The Process of Creating Decentralized Apps (dApps)
A decentralized application takes a different architectural approach: it runs on a distributed ledger technology called blockchain, with no central point of failure and no third parties involved. It is a revolutionary and attractive technology that opens new opportunities. This article covers how to create such applications and why they are needed, as well as the challenges encountered during implementation.
-
Secure Delivery: Better Workflows for Secure Systems and Pain-Free Delivery
The software delivery process has been transformed in the last decade; we’ve adopted well-understood workflows around functions such as testing, release management and operational support. In this article we'll explore the impact that security workflows have on software delivery, explain the root causes and share battle-proven techniques to show how we can make delivering secure software easier.
-
Data Protection Methods for Federal Organizations and Beyond
The Federal Data Strategy describes a plan to “accelerate the use of data to deliver on mission, serve the public, and steward resources while protecting security, privacy, and confidentiality.” This article covers what it is and how it can be applied to any organization.
-
The Importance of Pipeline Quality Gates and How to Implement Them
A quality gate is an enforced measure built into your pipeline that the software must meet before it can proceed. This article covers how to get the maximum benefit from quality gates. Making good use of quality gates not only improves the quality of your software but also improves your delivery speed.
-
API Security: from Defense-in-Depth (DiD) to Zero Trust
Nearly all companies have experienced security incidents but few have an API security policy that includes dedicated API testing and protection. A defense-in-depth approach that includes boundary defense, observability, and authentication is recommended.
-
Who Moved My Code? An Anatomy of Code Obfuscation
In this article, we introduce the topic of code obfuscation, with emphasis on string obfuscation. Obfuscation is an important practice for protecting source code by making it unintelligible. Obfuscation is often mistaken for encryption, but they are different concepts. In the article we present a number of techniques and approaches used to obfuscate data in a program.