 Cloud and AWS Security Special Report |
| Sponsored by |  |
|
|
| |
| |
| |
| |
| Assuring Crypto-code with Automated Reasoning (presentations, Apr 13, 2017) | | AWS Organizations Offers Centralized Policy-Based Account Management (news, Mar 31, 2017) | | Public Docker Image Vulnerability Research Findings Released (news, Mar 30, 2017) | | Security War Stories: The Battle for the Internet of Things (presentations, Mar 22, 2017) | | A Security Approach for a Cloudy World: An Interview with Pete Cheslock (articles, Mar 17, 2017) |
|
| This eBook provides advice from 10 SecDevOps leaders on how to bake security into DevOps practices rather than treating it as an afterthought. Download Now. Sponsored content |
| |
|
| Top Viewed Content on InfoQ |
|
| Running Docker Containers Securely in Production (news, Dec 17, 2016) | | An Authentication and Authorization Architecture for a Microservices World (presentations, Oct 19, 2016) | | Apache Eagle, Originally from eBay, Graduates to top-level project (news, Jan 24, 2017) | | Apache Ranger Graduates to Top-Level Project (news, Mar 14, 2017) | | A Human Error Took Down AWS S3 US-EAST-1 (news, Mar 03, 2017) |
|
| |
| A recent study has found that 37% of Alexa top 75K websites has at least one vulnerability and almost 10% at least two. Maybe even more shockingly, 26% of Alexa top 500 websites use vulnerable libraries. | | Atlassian has announced two new features aimed to make Bitbucket more secure: IP whitelisting and required two-factor verification. |
|
| Here are the top 10 risks that show up in AWS. Are you making those same mistakes? We bet you are. Download now. Sponsored content |
| |
|
| A buffer overflow bug has caused a small number of requests to Cloudflare proxies to leak data from unrelated requests, including potentially sensitive data such as passwords and other secrets. The issue, which has been named ‘Cloudbleed’, was discovered by Google Project Zero vulnerability researcher Tavis Ormandy. | | HashiCorp have released Terraform 0.9., which includes: significant improvements to how remote state is managed, including state locking, ‘state environments’ and a new centralised initialisation command ‘terraform init’; destroy provisioners that can be configured run before a resource is destroyed; and resource interrupts, allowing the immediate interrupts to be handled with custom logic. | | At QCon London, Matt Long, QA Consultant at OpenCredo presented “Testing Programmable Infrastructure with Ruby”. Key takeaways included: it is possible to test programmable infrastructure at the unit, integration, and acceptance level; Ruby provides the power of a full programming language for integration and acceptance tests, and is often understood by both testers and sysadmins. |
|
| |
| Do enterprise architects still matter? Has a cloud-native development model fundamentally changed how we think about enterprise architecture? In this roundtable with architects, we discuss. |
| |
|
| The orchestration of containers is key for success, and various technologies are competing for market share. This article examines the current tooling and how this relates to deploying microservices. |
| |
|
| HashiCorp's Million Container Challenge is a test for how efficiently its scheduler, Nomad, can schedule one million containers across 5,000 hosts. This post outlines the lessons learned. |
| |
|
| Amazon's AWS Lambda service is a serverless offering that lets us run code without provisioning servers. This article compares the tradeoffs of serverless models with VM/Container based models. |
| |
|
| Here are the 10 best practices you should follow for better cloud security and success in AWS. Download Now. Sponsored content |
| |
|
| |
| Mark Paluch discusses keeping the security bar high while running services that require secrets, securely sharing and managing secrets (certificates, passwords, keys) using Vault and Spring Boot. |
| |
|
| Albert Yu presents a few viable, usable and effective defensive techniques that developers have often overlooked. |
| |
|
| Sergii Khomenko introduces best practices in development, covers production deployments to the AWS stack, and using the serverless architecture for data applications. |
| |
|
| Agim Emruli presents common patterns and best-practices to run the application on the AWS cloud and how to use the platform provided services efficiently. |
| |
|
| Mario Aquino demonstrates deploying services to the AWS Lambda platform, configuring these services, and interacting with them through logging and monitoring. |
| |
|
| |
