Tag: Infosec
-
Best practices for Node.js security
Posted on May 15, 2021, Level beginner Resource Length medium
Like any other programming language or framework, Node.js is susceptible to every type of web app exposure. Although the core of Node.js is secure, third-party packages may need additional security standards to safeguard your web app. The study says that 14% of the NPM (Node Package Manager) ecosystem is impacted and 54% of the NPM ecosystem is about to be impacted indirectly. By Kiran Malvi.
Tags infosec web-development nodejs javascript
-
Defenseless: UVA engineering computer scientists discover vulnerability affecting computers globally
Posted on May 7, 2021, Level beginner Resource Length medium
In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack. Since Spectre was discovered, the world's most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they've been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much. By Audra Book @virginia.edu.
Tags infosec management cio miscellaneous software linux servers crypto
-
How to establish a DevSecOps organization
Posted on April 29, 2021, Level intermediate Resource Length long
DevSecOps integrates automated security checks and hardening into every stage of the software development and deployment process. Practitioners aim to have risk-checked applications fully developed and into production at the speed the business needs, making continuous incremental improvements. By Chris Buijs.
Tags infosec devops management cio kubernetes
-
Worst nightmare cyberattack: The untold story of the SolarWinds hack
Posted on April 16, 2021, Level beginner Resource Length long
The routine software update may be one of the most familiar and least understood parts of our digital lives. By Dina Temple-Raston.
Tags infosec cio management software crypto servers
-
Malicious PDFs: Revealing the techniques behind the attacks
Posted on April 9, 2021, Level beginner Resource Length medium
Most of us are no strangers to phishing attempts, and over the years we've kept you informed about the latest tricks used by attackers in the epidemic of phishing and spear-phishing campaigns that plague, in particular, email users. This is an older but useful article by Phil Stokes.
Tags infosec cio cloud learning
-
In-depth dive into security features of Intel/Windows platform secure boot process
Posted on April 7, 2021, Level advanced Resource Length long
This blog post is an in-depth dive into the security features of the Intel/Windows platform boot process. In this post I'll explain the startup process through a security-focused lens; in the next post we'll dive into several known attacks and how they were handled by Intel and Microsoft. By Igor Bogdanov.
Tags infosec cio cloud miscellaneous learning performance
-
Study reveals the state of mobile application security
Posted on March 28, 2021, Level beginner Resource Length medium
The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. By @securitymagazine.com.
Tags infosec ios android software-architecture cloud cio app-development
-
How to mitigate Low-Code security risks
Posted on March 25, 2021, Level beginner Resource Length long
Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? By Bill Doerrfeld.
Tags infosec cloud cio software software-architecture cicd
-
Browser attack allows tracking users online with JavaScript disabled
Posted on March 11, 2021, Level beginner Resource Length short
Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. By Ravie Lakshmanan.
Tags infosec javascript browsers web-development
-
How to build a serverless real-time credit card fraud detection solution
Posted on March 7, 2021, Level intermediate Resource Length medium
As businesses continue to shift toward online credit card payments, there is a rising need to have an effective fraud detection solution capable of real-time, actionable alerts. By Polong Lin and Pavan Kattamuri.
Tags serverless gcp infosec cloud
-
How to protect sensitive data for its entire lifecycle in AWS
Posted on February 28, 2021, Level intermediate Resource Length long
Many Amazon Web Services (AWS) customer workflows require ingesting sensitive and regulated data such as Payment Card Industry (PCI) data, personally identifiable information (PII), and protected health information (PHI). In this post, I'll show you a method designed to protect sensitive data for its entire lifecycle in AWS. By Raj Jain.
Tags infosec web-development cio app-development apis
-
Security logging in cloud environments - AWS
Posted on February 26, 2021, Level intermediate Resource Length long
If you had to architect a multi-account security logging strategy, where should you start? This blog, part of the "Continuous Visibility into Ephemeral Cloud Environments" series, will describe a design for a state-of-the-art multi-account security-related logging platform in AWS. By Marco Lancini.
Tags cloud infosec monitoring aws