Security Content on InfoQ
-
Beyond the Breach: Proactive Defense in the Age of Advanced Threats
Michael Brunton-Spall discusses some of the most advanced attacks that are in the public domain, mostly attributed in public by commercial organizations.
-
Best Practices to Secure Web Applications
Loiane Groner discusses the best practices for secure coding, input validation techniques, the importance of strategic error handling and logging, and how to manage file uploads safely.
-
Risk and Failure on the Path to Staff Engineer
Caleb Hyde discusses their career progression and regressions, as well as the context they used to figure out what to work on and whom to work with, distilling a framework to use in one's own work.
-
Defensible Moats: Unlocking Enterprise Value with Large Language Models
Nischal HP discusses risk mitigation, implementing an environmental, social, and governance (ESG) framework to achieve sustainability goals, strategic procurement, spend analytics, and data compliance.
-
NIST 800-207A: Implementing Zero Trust Architecture
Zack Butcher discusses the forthcoming Special Publication 800-207A on a Zero Trust Architecture (ZTA) model for access control in cloud native applications in multi-location environments.
-
How DoorDash Ensures Velocity and Reliability through Policy Automation
Lin Du discusses the details of their approach at DoorDash: how they enabled their engineers to self-serve infrastructure through policy automation while ensuring both reliability and high velocity.
-
Sustainable Security Requirements with the ASVS
Josh Grossman provides a brief overview of what the ASVS is, but takes a closer look at balancing trade-offs and prioritizing different security requirements.
-
Implementing OSSF Scorecards across an Organization
Chris Swan provides a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos.
-
Securing the Software Supply Chain: How in-toto and TUF Work Together to Combat Supply Chain Attacks
Marina Moore covers the fundamentals of both in-toto and TUF, and discusses how to combine them with a real-world case study in which Datadog has been using the two technologies together.
-
The Many Facets of “Identity”
Radia Perlman describes what aspects of identity and authentication blockchain might address, and compares a "blockchain" approach with what is deployed today.
-
Security Checks Simplified: How to Implement Best Practices with Ease
Varun Sharma, CEO of StepSecurity, talks about OpenSSF Scorecard, a tool that assesses how well a code repository follows security best practices.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller dives into the lessons learned from three major open source security events: the Equifax breach via Struts, the Log4j vulnerabilities, and the Spring4Shell exploit.