Security Content on InfoQ
-
Security Checks Simplified: How to Implement Best Practices with Ease
Varun Sharma, CEO of StepSecurity, talks about OpenSSF Scorecard, a tool that assesses how well a code repository follows security best practices.
-
Celebrity Vulnerabilities: Effective Response to Critical Production Threats
Alyssa Miller dives into the lessons learned from three major open source security events: the Equifax breach via Struts, the Log4j vulnerabilities, and the Spring4Shell exploit.
-
A Big Dashboard of Problems: Creating Preventative Security Strategies
Travis McPeak explores the forefront of simple and effective preventative security strategies.
-
Programming Your Policies: Exploring Open Policy Agent and More
Justin Cormack discusses how to deal with policies, what the business drivers are, how they affect developers, compliance and security departments, and the cultural and communication changes involved.
-
Beyond Default Settings: Evaluating the Security of Kubernetes and Cloud Native Environments
The panelists discuss default configurations, authentication, and access control mechanisms in the context of what Kubernetes brings to the table in terms of security.
-
Log4Shell Response Patterns & Learnings from Them
Tapabrata Pal describes three broad categories of enterprises based on their responses to Log4Shell and identifies the key characteristics of each of these patterns.
-
Securing Microservices: Preventing Vulnerability Traversal
Stefania Chaplin looks at OWASP recommendations and Kubernetes best practices to find out how to secure microservices and reduce vulnerability traversal.
-
Best Practices for API Quality and Security
The panelists discuss how to improve quality and security in API design and management, what the biggest challenges are and how to address them.
-
Vulnerability Inbox Zero
Alex Smolen discusses dealing with security vulnerabilities both in the main product and the security scanner used to analyze it.
-
Slack’s DNSSEC Rollout: Third Time’s the Outage
Rafael de Elvira Tellez discusses a case study of what happened when a large SaaS company enabled DNSSEC.
-
Securing APIs and Microservices in the Cloud
Stefania Chaplin discusses how to secure APIs and microservices in the cloud based on OWASP recommendations.
-
Implementing Passwordless Logins with WebAuthn Protocol
Adib Saikali gives an overview of the Web Authentication protocol, which enables secure, user-friendly authentication processes, using a sample Spring Security-based application.