BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon San Francisco - image
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.

 QCon London - image
QCon London

Discover emerging trends, insights, and real-world best practices in software development & tech leadership. Join now.

 QCon London - image
InfoQ Dev Summit Boston

Learn how senior software developers are solving the challenges you face. Register now with early bird tickets.

 The Software Architects Newsletter - image
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage Security Content on InfoQ

Articles

RSS Feed
Newer Older

  • Regulatory Compliant Cloud Computing: Rethinking web application architectures for the cloud

    Not all data is sensitive and hence an equal and balanced investment in securing all data categories is not justified. This article presents an architecture that leverages cloud-computing, cloud-storage and enterprise key-management Infrastructure(EKMI) to lower costs while complying to data-security regulations.

    Arshad Noor
    on Dec 16, 2011

  • Introduction to Cloud Security Architecture from a Cloud Consumer's Perspective

    Security concerns are the number one barrier to cloud services adoption. How do we evaluate a vendor's solution? What is an optimal security architecture? What are consumer versus provider responsibilities? What are industry standard patterns in this regard? This article answers some of these questions based on first hand experience dealing with large scale cloud adoption.

    Subra Kumaraswamy
    on Dec 07, 2011

  • Comparison of Intrusion Tolerant System Architectures

    In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability. For the ITS architectures, they propose a taxonomy with four categories: detection triggered, algorithm driven, recovery based, and hybrid.

    Quyen L. Nguyen Arun Sood
    on Nov 25, 2011

  • Virtual Panel: Security Considerations in Accessing NoSQL Databases

    NoSQL databases offer alternative data storage options for storing unstructured data compared to traditional relational databases. Though the NoSQL databases have been getting a lot of attention lately, the security aspects of storing and accessing NoSQL data haven't been given much emphasis. This article focuses on the security considerations and best practices in accessing the NoSQL databases.

    Srini Penchikala
    on Nov 15, 2011

  • Developer-Driven Threat Modeling

    Threat modeling is critical for assessing and mitigating the security risks in software systems. In this IEEE article, author Danny Dhillon discusses a developer-driven threat modeling approach to identify threats using the dataflow diagrams.

    Danny Dhillon
    on Nov 11, 2011

  • Mobile Attacks and Defense

    In this IEEE article, author Charlie Miller talks about the mobile security vulnerabilities. He explains how smart phones are becoming targets of attackers and discusses security models of two smart phone operating systems: Apple's iOS and Google's Android. The attackers can get remote code to run on a mobile device in two ways: mobile malware and drive-by downloads.

    Charlie Miller
    on Oct 17, 2011

  • Agile is at a crossroad: Scale or fail?

    Risk management is the hottest topic in IT. Processes for effective risk management and investment decision making will allow Agile techniques to scale beyond projects to the enterprise. Without them, Agile will be confined to the ghetto of development. In this article Chris and Olav present some tools and techniques to identify and manage risks on Agile projects.

    Olav Maassen Chris Matts
    on Oct 14, 2011

  • Resilient Security Architecture

    In this IEEE article, author John Diamant talks about how to improve security quality of software applications using a proactive approach with techniques like Security requirements gap analysis and Architectural threat analysis in the early phases of software development life cycle.

    John Diamant
    on Sep 27, 2011

  • Architecting a Cloud-Scale Identity Fabric

    In this IEEE article, author Eric Olden discusses an identity fabric that links multiple applications to a single identity to manage the volume of user identities that network administrators must secure and to enable a full-scale cloud adoption.

    Eric Olden
    on Jun 29, 2011

  • Interview and Book Excerpt: CERT Resilience Management Model

    CERT Resilience Management Model (CERT-RMM), developed at Software Engineering Institute (SEI), defines the processes for managing operational resilience in complex risk-evolving environments. InfoQ spoke with Rich Caralli, Technical Manager of the CERT Resilient Enterprise Management Team, about RMM framework and the book he co-authored.

    Srini Penchikala
    on May 30, 2011

  • A Process for Managing Risks in Distributed Teams

    In this IEEE article, John Stouby Persson and Lars Mathiassen discuss a process for managing risks associated in managing the distributed software projects. The process includes identifying and analyzing distributed-team risks in the areas of task distribution, geographical and cultural distribution, stakeholder relations and communication infrastructure.

    Lars Mathiassen John Stouby Persson
    on May 10, 2011

  • Threat Modeling Express

    In this article, authors Rohit Sethi and Sahba Kazerooni discuss an agile threat modeling approach called "Threat Modeling Express" that can be used to collaboratively define threats and countermeasures based on the business priorities.

    Rohit Sethi Sahba Kazerooni
    on May 09, 2011
Newer Articles
Older Articles
BT