Security Special NewsletterIn this special newsletter we bring you up to date on all the new content and news related to Security on InfoQ. We are also maintaining a portal page for all this content on InfoQ at: http://www.infoq.com/security.
Latest Security Content on InfoQ
#1 All Android Versions May Be Affected by Dirty COW Linux Vulnerability (news, Oct 26, 2016)
#2 An Authentication and Authorization Architecture for a Microservices World (presentations, Oct 19, 2016)
#3 What I Learned from Four Years of Science-ing the Crap out of DevOps (presentations, Sep 22, 2016)
#4 Ethereum Security Alert Issued, Ethereum Foundation Responds with "From Shanghai, With Love" (news, Sep 19, 2016)
#5 Banking from the Future: Cryptocurrency Key Storage (presentations, Sep 11, 2016)
Top Viewed Security Content on InfoQ
#1 A Reference Architecture for the Internet of Things (articles, Jan 29, 2016)
#2 Ways to Make Code Reviews More Effective (articles, Oct 01, 2016)
#3 Docker and High Security Microservices: A Summary of Aaron Grattafiori's DockerCon 2016 Talk (news, Aug 14, 2016)
#4 .NET 4.6.2 Preview Brings Security and WPF Features (news, Apr 05, 2016)
Top News
Box Introduces Four New Security and Governance APIs
The content management company Box recently announced the arrival of four security and governance APIs. These APIs are aimed at helping companies handle legal, security, and compliance needs better.
Stormpath's Java SDK 1.0 Released
This week Stormpath released version 1.0 of their user management and authentication Java SDK. Stormpath generally provides APIs for implementing authentication, authorization and user management in web and mobile applications, including open source implementations, targeting a range of languages and frameworks.
Mozilla's Observatory Website Security Analysis Tool Available
Mozilla has launched their website security analysis tool. Dubbed Observatory, the tool helps to spread information on best security practices to developers and sys admins in need of guidance.
Modern iOS Application Security
At QCon New York 2016, Trail of Bits CEO and security expert Dan Guido explained how to keep iOS apps secure. This includes correctly using all iOS security provisions, without forgetting that your app might be running on a jailbroken phone.
Microsoft Launches Azure Information Protection for Documents
Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.
Top Articles
The InfoQ Podcast: Shuman Ghosemajumder on Security and Cyber-Crime
In this week's podcast, professor Barry Burd talks to Shuman Ghosemajumder VP of product management at Shape Security on Security and Cyber-Crime at QCon New York 2016.
A Reference Architecture for the Internet of Things (Part 2)
This is the second article of a two article series in which we try to work from an abstract level of IoT reference architectures towards a concrete architecture for actual use cases.
Article Series: Containers in the Real World - Stepping Off the Hype Curve
This article series explains how containers are actually being used within the enterprise.
Is HyperContainer the Answer for Cloud Native Applications?
Xu Wang introduces HyperContainer, a runtime for running Docker images on any hypervisor, providing hardware-enforced isolation for multi-tenant environments.
Securing the Modern Software Delivery Lifecycle
Security has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we secure our infrastructure.
Top Presentations
Real-Time Fraud Detection with Graphs
Jim Webber talks about several kinds of fraud common in financial services and how each decomposes into a straightforward graph use-case. He explores them using Neo4j and Cypher query language.
The Nihilist's Guide to Wrecking Humans & Systems
Christina Camilleri talks about how social engineering can be used in conjunction with technical attacks to create sophisticated and destructive attack chains and shares some real world war stories.
Scala, ECS, and Docker: Delayed Execution @Coursera
Brennan Saeta talks about aspects of Coursera's architecture that enable them to rapidly build sophisticated features for their learning platform, the use of containers and security-related issues.
Automating Security at Slack
Ryan Huber talks about some of the ways Slack approaches collecting, inspecting, and communicating security information to the security team and to the individuals in their organization.
Hands on Spring Security
Rob Winch discusses how to rapidly and correctly apply Spring Security to an existing application. Rob demos security exploits and shows how to mitigate them, answers frequently asked questions.
| CONTENT IN THIS BOX PROVIDED BY OUR SPONSOR |  |
Increase security on compromised platforms with Intel® SGX.
An Intel technology for application developers who are seeking to protect select code and data from disclosure or modification.
A Developer’s Perspective.
Developers have long been constrained by the security capabilities that major platform providers have exposed for application development. How Bromium and wolfSSL employ Intel® SGX to create more secure, next-generation solutions.
Protect Application Code, Data, & Secrets from Attack.
Developers can partition their application into CPU hardened “enclaves†or protected areas of execution that increase security even on compromised platforms.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.
Follow Intel on:
